We use common-sense practices to protect sensitive information:

• Where reasonable, we store sensitive information in strongly encrypted form so that even if someone steals or accesses the media, they do not have easy access to sensitive information.
• We keep all encrypted and easily removable physical media that contains sensitive information in a locked server where it is reasonably safe from hacker and intrusion.
  
  Destruction of obsolete sensitive information
  We regularly destroy obsolete records.
  
  
  • We destroy most paper records and documents using an office-grade shredder.
  • We destroy most records on re-writeable media (flash drives, etc)
  • We destroy other records in media-appropriate ways, such as physical breakage or delivery to an ISP-compliant information destruction service.