Most businesses, regardless of size, collect sensitive information from both clients and employees. This includes names, birth dates, addresses, social security numbers and much more. In the wrong hands, this information can cause a lot of problems with identity theft for both the individual and the company.
Several laws are in place dictating how sensitive information is stored and secured, and, when the time comes, destroyed. Many industries have document destruction regulations as well, including the medical industry (HIPAA), credit industry (FACTA), banking industry (GLBA) and government agencies (GSA).
It is also important to note that with the great advances in technology, document destruction extends beyond paper files to digital storage devices such as hard drives, CD/DVDs, USB flash drives and laptops. Some shredding services can also destroy prototypes and product samples to help further protect company secrets.
A good document management policy is helpful in training employees how to handle sensitive materials. Here are some of the regulations to consider while creating your company policies and procedures for paper shredding.
The National Association for Information Destruction, or NAID, is a non-profit group that certifies document and other private information destruction companies. NAID ensures companies follow all government regulations, both federal and local, and keep all shredding and destruction services secure. Several industries are required to use a NAID-certified paper shredding service to take care of their document destruction needs. These services are equipped and trained to comply with information privacy regulations, including HIPAA, FACTA, GLBA and GSA.
Some laws actually regulate the size of the shred needed to destroy your documents. There are six sizes to choose from. Level 1 is a standard strip-cut shred that is usually found on home-use paper shredders. This is okay for junk mail, but more sensitive information requires smaller shreds that are harder to piece together. Level 5 is a small crosscut shred, while the most secure, Level 6, is often referred to as confetti-like. HIPAA and other sensitive documents require this higher level of shred.
Don't See, Don't Hold
When it is time to destroy FACTA and other documents that contain sensitive client and employee information, these files need to be secured so that they don't fall into the wrong hands before they can be destroyed. Locked consoles, or collection bins, are an easy way to keep information secure. With a small slot for slipping the paper in, these consoles cannot be opened except by a trained, certified and authorized person. Even then, these professionals are instructed not to handle the sensitive information, but rather to transport the bins to the point of shredding. There the bins are unlocked and immediately dumped so that the worker never physically handles or views the documents. This greatly reduces the possibility of someone being able to snatch that information. It is also a requirement for several industries.
Certificate of Destruction
Once your files have been destroyed, you must retain a certificate of destruction. This is the physical proof that you took all the necessary and proper steps in ensuring your important documents were properly shredded. Every NAID-certified paper shredding company provides this proof. Keep it safe, since industries are often audited to ensure compliance. If your company is audited, this certificate of destruction is the proof that you and your staff are following the rules.
The best way to prevent identity theft is to be proactive. One way to be prepared is implementing company policies and procedures that are secure and right in line with legal requirements and regulations. Even if your company isn't required to be as careful with its sensitive information, good paper shredding practices always bring another layer of protection and peace of mind.