This template is a records destruction and data retention policy and is intended for use by regulated financial institutions in connection with data maintenance, information destruction, and protection of sensitive customer information. This template includes practical guidance and drafting notes. The Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801, et seq.) (GLBA), the Fair and Accurate Credit Transactions Act of 2003 (15 U.S.C. §§ 1681, et seq.) (FACT Act), and other laws and regulations govern the handling and disposal of personally identifiable information (PII) and confidential customer information. Failure to properly safeguard such information can create considerable risks for customers and expose depository institutions to significant liability. State and federal statutes and regulations contain record retention requirements. Accordingly, separate restrictions may apply to certain institutions, such as the Bank Secrecy Act (31 U.S.C. §§ 5311, et seq.) and recordkeeping regulations ...