In-house document shredding may seem like a cost-effective solution for a company’s record disposal needs, but the practice is fraught with unforeseen risks that can lead to data breaches, identify theft and the potential for huge costs borne by regulatory fines and/or civil litigation. In fact, the various federal and state regulatory regimes dictating proper record disposal might make make in-house shredding among the least effective options.
How’s that, you ask?
Well, federal and state rules governing record disposal can be so convoluted that to ensure compliance your company might have to hire someone specifically for the purpose of proper record disposal, or at the least, assign a manager to oversee the disposal process. In many cases just stuffing records into that small, desk-side shredder isn’t going to cut it, as some rules require documentation to prove successful destruction of the records. And letting records and other important documentation pile up isn’t a very good idea either. The build-up will eventually overwhelm the office space, but even more important is ensuring the security of that ever-growing trove of paperwork.
The regulatory regime should be the primary factor guiding your thinking on record storage, disposal, and document shredding. Start with the basics: U.S. law under the Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, and Fair and Accurate Credit Transactions Act requires secure disposal when a record contains personally identifiable information (PII), such as name, address, telephone number, email address, Social Security number, etc. (please see our [insert date] blog: “What to Shred—Paper Document and Digital Data Shredding Tips”).
Most states also have laws that require businesses and organizations that maintain PII to take specific measures in the destruction of their records. While these various federal and state mandates are for the most part similar, there are differences in how companies must comply with them. For example, the Gramm-Leach-Bliley Act requires financial institutions to develop and follow written programs regarding all aspects of records management and disposal. Additionally, organizations and companies must follow all of the different state laws for any out-of-state PII records they might have in their possession.
Professional shredding companies such as Security Data Destruction are familiar with these laws and can ensure that your business or organization stays in compliance with them when it comes time to dispose of your PII records. And by maintaining compliance, you can eliminate the risk of regulatory fines and any resultant civil litigation.
Other risks to in-house shredding are, well, primarily in house. First off, you have to rely on the trustworthiness of your employees that the shredding will be successfully conducted as tasked. Shredding is a monotonous, low-level task and employees may not understand the harm that could be caused by letting some of the assigned-for-destruction paperwork slip into the regular garbage or recycling bins. Such slippage can also prove tempting should your employees be faced with other pressing duties on their schedules.
The effectiveness of In-house shredding can also be compromised by the equipment being used. Most small office shredders can only handle a few pages at a time, and smaller shredders are prone to overheating. Shredders are also loud, which can impact other business being conducted in the office, whether by annoying visiting clients or ruining the concentration of employees.
And speaking of your employees, in-house shredders may present a health risk. Shredders create “paper dust,” which has been linked to respiratory problems and identified as a trigger for adult-onset asthma. Some paper also contains Bisphenol-A, which is easily absorbed into the skin and being researched for its possible disruption of the human endocrine system. Finally, shredded paper is much more combustible than whole paper, with a build up of shredded paper in small office spaces leading to an increased risk from fire.
All of this leads to the likelihood that in-house shredding will be conducted piecemeal with sensitive PII paperwork piling up in unsecured locations, where it can be easily accessed and possibly stolen by unscrupulous employees, visitors or cleaning staff.
Finally, and to reiterate where we started, your plans for in-house shredding may not be as cost-effective as you think, and they may not comply with requirements put forth by the particular federal or state rules dictating your business sector’s destruction of PII data.
Therefore, cover all of your bases by contacting Security Data Destruction to see how we can securely and safely handle your data shredding needs. No job is too big or too small, and our National Association for Information Destruction certification ensures that our paper shredding, document shredding, hard drive shredding and media shredding will protect the privacy of your business and customers.