Is Your Shredding Policy Compliant?
Shred This: Scene One
(Brian approaches Sam in the office.)
Brian: Hey Sam. I’m heading home in twenty minutes. Anything else you need?
Sam: How about an answer to the email I sent you about our shredding policy? Are we compliant?
Brian: Oh. You were serious. I thought you knew the drill. Frank collects all the paper from the office bins twice a week and takes it to the shredding room and shreds it. Then he bags it and puts it out on Thursday for Friday morning garbage collection. I doubt there’s anything written down about that.
Sam: Thanks Brian. You’re fired.
Sam: Ha. Just kidding. But I’m not kidding about the shredding policy. It needs to be compliant and what you described isn’t. Take a look at these guidelines and come back to me next week with a compliancy policy.
Brian: Does this need to be a priority?
Sam: Yeah. There’s a lot at stake. Like your job. Ha. Just kidding again. But there are legal implications. See you Monday.
Brian: Does that mean I still have my job?
What Legal Implications Are You Talking About?
Any company that generates Personally Identifiable Information (PII) is required by law to safeguard and protect that information from beginning to end, or “cradle to grave.”
- The Privacy Act of 1974 gives your clients the right to privacy and places the responsibility of protecting their private information in the hands of companies that obtain it.
- The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education and parent records, holding educational institutions responsible if those records are mishandled.
- The Health Insurance Portability and Accountability Act (HIPAA) regulates the protection required of Personal Health Information.
- The Fair and Accurate Credit Transactions Act (FACTA) states that any company that improperly disposes of sensitive documents will be held responsible and that documents must be destroyed to a point that they are permanently unreadable.
So, What Do I Need to Change?
- Show That You Have Proof of Compliance: If shredding is your means of destroying documents, the law does require proof of compliance. A reputable paper shredding company can supply a formal Certificate of Destruction for this purpose. This document contains detailed information about the paper shredding and states that the company’s process has followed all relevant laws.
- Protect The Documents: Shredding is a great way to end the paper lifecycle, but prior to that, the information can be breached if it is left unattended or is lost or stolen. Documents need to be kept secure at all times. When documents are discarded, they should be placed in a locked container like a shred bin and kept in a secure place. The discarded documents should be retrieved by someone authorized and trained to securely transport them to the shredding location. The documents must then be destroyed beyond recognition. Ideally, the shredded material should then be 100% recycled.
- Include Retention Periods: This is a means of knowing what the lifespan of each document should be and ensuring that it is destroyed by the date it should be. It is illegal to destroy a document ahead of time, and it is a security risk if its lifecycle is extended beyond the retention date. Records management guidelines, including retention schedules, are legislated at the federal and state levels.
Shred This: Scene Two
Brian: Who would have ever thought there was so much attention given to shredding compliance? I don’t even know where to start. This seems way over my head. Any suggestions?
Tell Me What to Do!
- Create a simple policy, because a simple policy is better than no policy and can be developed over time. Include the legal reasons the policy exists, what should be shredded, and when. Instruct staff on where paper should be deposited and the process of getting it to the shredder.
- Consider outsourcing the collection, removal and shredding of your documents to a local, NAID AAA Certified shredding company. Why NAID AAA Certified? Because the National Association for Information Destruction (NAID) verifies that certified shredding providers comply with all known data protection laws. To do this, member companies submit to surprise audits and fulfill strict requirements. You will save time, money, and a great deal of risk by partnering with a NAID AAA Certified company.
Shred This: Scene Three
Brian: This information is a life saver! Sam will love me. Not only will I avoid getting fired, I just may get a promotion on Monday. All I have to do is call Pacific Shredding at 800-685-9034 or complete the form on this page for expert help and NAID AAA Certified shredding. Problem solved!