Within the past few decades, state and federal laws have changed the data destruction landscape. The guidelines set in place have made the disposal of all materials more secure and reliable for everyone. Destruction companies must follow the regulations stated in these laws to ensure they are providing safe destruction services to their clients. It is also reassuring for the client to know their information is being protected throughout the destruction process due to these laws.
Overview of Destruction Laws
Before the introduction of many of the laws that exist today, companies could just toss their clients’ private information in the trash or recycle documents instead of shredding them. The world has changed greatly in the past few decades, and new advancements in technology have made securing private information in paper and electronic form a top priority.
In 1996, the federal government passed a major privacy law relating to the health industry called HIPAA. The law regulates Personal Health Information (PHI) by ensuring there are safeguards in place to protect the records as well as prohibit the disclosure of them. When disposing of PHI, it is critical that the shredding company is HIPAA compliant, or else hefty fines could be imposed.
CFAA was passed in 1984 but has been updated six times since to create a computer security law that reflects the current technology environment. When it comes to electronic data, look no further than this law to find regulations on how to handle your digital documents. Over a decade later, GLBA was passed, which sets restrictions on financial institutions and how they are to manage their clients’ documents.
The Sarbanes-Oxley Act of 2002 sets requirements for document retention times, which could affect when you are able to shred your sensitive records. Just a year later, FACTA was enacted, which regulates how businesses of all shapes and sizes must protect and properly dispose of sensitive or personal client data.
The majority of states have also created laws on data disposal. To find the regulations specific to your state, check out this site.
What Data Destruction Laws Mean for You
These laws are designed to protect the consumer’s privacy. Whether you have paper, digital, or electronic media, your information will be guarded under one of the various state or federal laws mentioned above. When destroying your data, you can be at ease knowing a secure destruction company will be compliant and follow all guidelines.
What Data Destruction Laws Mean for Destruction Companies
The current regulations have forced destruction companies to become even more secure. If a shredding company does not comply with all federal and state laws, it could not only receive substantial fines but also lose its reputation. Shredding companies take many steps to establish compliance; we will highlight some of them here.
Companies may choose to be NAID certified or members of MSA. NAID AAA Certification is not an easy process as it requires an audit to be done at every individual location the business owns. During the audit, NAID makes sure the company’s shredding protocol follows all laws and regulations including FACTA and HIPAA. If a company is up to NAID’s standards, they will receive certification. A business that receives this designation can be considered trustworthy and compliant with all data destruction laws.
You should also look for shredders that are members of MSA. The Mobile Shredding Association sets standards that all its members must adhere to in order to maintain membership. Members are subject to annual random audits to ensure they are adhering to MSA standards. Members of this association can be counted on to provide the most secure destruction services possible.
The shredding industry has also established multiple security levels for paper shredders with DIN 65399. You may not have known that different shredders will cut your paper into smaller or larger bits and the actual cutting style will vary. For this reason, a basic office shredder will not provide the same results as an industrial shredder.
By providing customers with various security levels, shredding companies can guarantee that, no matter how sensitive the document, it will be destroyed in compliance with the current industry standards on particle size. The Department of Defense and other government agencies have strict regulations on the size of the shredded paper bits. In fact, many shredding companies choose to use shredders that produce particle sizes that are smaller than what is currently regulated for the average shredding purge at a home or office.
Another step destruction companies take to ensure compliance is offering a certificate of destruction. This documentation proves the records were shredded securely. The certificate should include information such as the date and location of the destruction, the names of the people who completed the shredding, and other transfer of custody information. A certificate of destruction holds shredding companies accountable in case of legal action or an audit and leaves a chain of custody trail.
There are plenty of steps destruction companies must take to ensure compliance with federal laws. In many cases, the process to achieve these standards is not easy, which makes companies that attain such attributes even more trustworthy and secure.
Locate Shredding Services Near You
If you are looking for shredding or any destruction service, we can help. Shred Nations has a nationwide network of contractors that can come right to your doorstep and do the shredding for you. Give us a call at (800) 747-3365 or fill out the form to the right for a free quote.