From laws requiring the protection of personal information to company secrets, it has become increasingly important to properly destroy information before discarding it. Yet, there are many myths surrounding document destruction, some of which have significant repercussions. Listed below are 10 common myths that may lead some astray when it comes to document destruction and paper shredding.
“Not all businesses have to shred documents.”
The U.S. is home to some of the largest and most expensive cases of identity theft. An effort to protect both consumer and organizational information has led to a number of data protection laws requiring business to properly maintain and destroy confidential and sensitive information.
One such law affecting almost every business is the Fair and Accurate Credit Transaction Act (FACTA) and the addition of the Red Flag Rule introduced by the FTC. FACTA requires that any business dealing with credit must have destruction procedures for personally identifiable information.
Along with FACTA, The Health Information Portability and Accountability Act or HIPAA, casts a dragnet on all health organizations and those that do business with them requiring them to properly destroy information prior to discarding it.
“No one really goes through other people trash.”
In fact, trash is handled by many individuals before it ends up in its final resting place. The trash can under your desk at work is emptied by office janitors. In some areas, trash is sorted and separated to try and recover recyclables, including paper. Dumpsters outside are often scavenged for metals, boxes, and other usable materials. Any one of these people may discover discarded sensitive documents and use them maliciously or report them to local news stations. Do you want it known to the public that you casually dumped sensitive documents with important, or confidential information, on them?
“It’s cheaper to shred your own paper.”
Oftentimes, a business may think buying their own shredder is the cheapest option, however, when considering all the costs involved it can be quite expensive. First you must purchase and maintain a shredder. The second cost, much less considered, is employee wages who must shred the paper. A typical shredder would take hours to shred a large box of documents. Even though it might seem like an acceptable alternative, the costs add up.
“It’s best to keep all your records”
Businesses are required by law to maintain a variety of records for a variety of reasons. However, there is also a risk of keeping records past their usefulness. Employee records, receipts, and financial statements that are past their required retention period pose an unnecessary risk. These documents should be shredded to keep them out of the hands of would-be identity thieves. What’s more, are these documents, although past their retention period could still be used in a lawsuit against the organization. It’s best to only retain what is required by law.
“Your employees will shred if they have a shredder.”
If your employees are like many of today’s workers, they are overwhelmed with work. Employers expect more and more out of employees and they are feeling the pressure. An employee may view shredding as a menial task and cut corners or simply toss the documents. If the shredding is not monitored and measured, it may not cover the organization or business in the event of a data or security breach.
“The law requires you to witness the shredding.”
HIPAA and FACTA require businesses to properly destroy personal information but there is no specific requirement that an employee witnesses the shredding.
“Having a shredder proves compliance with the law.”
Simply owning a shredder is not enough to prove compliance with privacy laws. A record of shredding that is monitored and certified must be issued. Reputable shredding services, especially those certified by The National Association for Information Destruction (NAID) will monitor and record all shredding activities as well as provide a certificate of destruction indicating how much was destroyed and when it was destroyed.
“Company secrets are already protected.”
The Economic Espionage Act provides protection for company secrets. In the event of stolen secrets, the EEA helps companies recover damages from the loss, but ONLY if the company has properly protected the records. This includes ensuring the information was properly protected during use, and adequately destroyed before thrown away.
“Recyclers are a safe alternative to shredders”
While witnessed shredding is not required, it still must be done. Recyclers simply bale whole sheets of paper and move them around to various mills and production factories. Breach protections are not in place at these facilities and the potential for leaked information is high.
“Shredded paper is not recyclable.”
This is just not true. Paper fiber is paper fiber and there are 100’s of paper mills across the country that will take them for pulp and turn them into useable products such as tissue paper, office paper, paper bags and so on. All shredding services will recycle the shredded paper bits.
If you shred your own paper, you are safe.
This misconception is a dangerous one. Once paper is shredded and dumped in the trash, the thieves now know exactly what paper to grab. Despite being shredded, technology can assist in reconstruction in a matter of minute. The days of manually rebuilding documents from shredded paper are over. There are computer programs that can reconstruct shredded paper from scanned images. NAID certified shredders will ensure that shredded paper is tracked from beginning to end and stays out of the hands of anyone until it is completely destroyed and remanufactured.
So what do you do?
Work with our expert team at DataShield for secure and thorough paper shredding, record management, electronic recycling, and data destruction services. Contact us today to get started or learn more.