Government Compliance for Data Destruction

Data Destruction Law Compliance

Within the past few decades, state and federal laws have changed the data destruction landscape. The guidelines set in place have made the disposal of all types of materials more secure.

Destruction companies must follow the regulations stated in these laws to ensure they are providing safe destruction services to their clients. It is reassuring for the client to know their information is being protected throughout the destruction process due to these laws.

Overview of Destruction Laws

Before the introduction of many of the laws that exist today, companies could just toss their client’s private information in the trash or recycle documents instead of shredding them. The world has changed greatly in the past few decades, new advancements in technology have made securing private information in paper and electronic form a top priority.

The following laws have been created in the past few decades to protect private information:


HIPAA Compliance for SecurityIn 1996 the federal government passed a major privacy law relating to the health industry called the Health Insurance Portability and Accountability Act or HIPAA.

The law regulates Personal Health Information (PHI) by ensuring there are safeguards in place to protect the records as well as prohibit the disclosure of them. When disposing of PHI, it is critical the shredding company is HIPAA compliant or else hefty fines could be given out.


The Computer Fraud and Abuse Act, or CFAA, was passed in 1984 but has been updated six times since to create a computer security law that reflects the current technology environment. When it comes to electronic data, look no further than this law to find regulations on how to handle your digital documents.


Over a decade later, the Gramm-Leach-Bliley Act, or GLBA, was passed which sets restrictions on financial institutions and how they are to manage their client’s documents.

Sarbanes Oxley Act of 2002

The Sarbanes Oxley Act of 2002 sets requirements for document retention times which could affect when you are able to shred your sensitive records.


Just a year later, the Fair and Accurate Credit Transactions Act, or FACTA, was enacted which regulates how businesses of all shapes and sizes must protect and properly dispose of sensitive or personal client data.

The majority of states have also created laws on data disposal. To find the regulations specific to your state, check out this site.

Data Destruction Laws

How Data Destruction Laws Work to Protect You

These laws are designed to protect the consumer’s privacy. Whether in the form of paper, digital, or electronic media, your information will be guarded under one of the various state or federal laws mentioned above.

The Department of Defense and other government agencies also have strict regulations on the size of the shredded paper bits. And in fact, many shredding companies choose to use shredders that produce particle sizes that are smaller than what is currently regulated for the average shredding purge performed at a home or office.

Document shredding organizations and companies that provide data destruction services must conform to federal and local regulations, and the better companies will provide the utmost security with extra small shred sizes.

How to Determine if a Shredding Company Is Secure

The current regulations have forced destruction companies to become even more secure. If a shredding company does not comply with all federal and state destruction laws they can be fined and will damage their reputation.

There are many steps shredding companies take to establish compliance, such as:

    • Becoming NAID certified
    • Using a shredder that produces the highest level of security per DIN 66399
    • Providing a certificate of destruction

Shredding companies choose to be NAID certified and it is not an easy process as it requires an audit to be done at every individual location the business owns.

During the audit, NAID makes sure the company’s shredding protocol follows all laws and regulations including FACTA and HIPAA. If a company is up to NAID’s standards, they will receive certification.

A business that receives this designation can be considered trustworthy and compliant with all data destruction laws.

Paper Shredded with Cross Cut Shredding Technique

Paper Shred Sizes

By providing customers with various security levels, shredding companies can guarantee no matter how sensitive the document, it will be destroyed in compliance with the current industry standards on particle size.

DIN 66399 outlines the different paper shredder security levels. You should ask your destruction provider what type of shredding they offer—strip cut, cross cut, or micro cut.

Certificates of Destruction

Another step destruction companies take to ensure compliance is offering a certificate of destruction. This documentation proves the records were shredded securely.

The certificate should include information such as the date and location of the destruction, the names of people who completed the shredding, and other transfer of custody information. A certificate of destruction holds shredding companies accountable in case of a legal action or an audit and leaves a chain of custody trail.

There are plenty of steps destruction companies must take to ensure compliance with federal laws. In many cases, the process to achieve these standards is not easy which makes companies that attain such attributes even more trustworthy and secure.

Locate Secure Shredding Services Near You

If you are looking for paper shredding or a product destruction service, we can help. Shred Nations has a nationwide network of contractors that provide secure onsite and offsite shredding options. Give us a call at (800) 747-3365 or fill out the form to the right for free quotes on reliable shredding services near you.