50 States, 50 Rules: Shredding Across America
Shredding is an efficient, compliant means for your medium-size business to dispose of old, yet potentially sensitive records. The most effective plan covers all applicable local laws and regulations.
Your business is growing—and that’s great. However, one of the less gratifying aspects of running a mid-size firm is grappling with the compliant disposal of sensitive records. As if federal regulations such as HIPAA and SOX aren’t enough to keep your IT, HR and other teams in a constant state of housekeeping, each state maintains its own records regulations.
Though most state guidelines don't specifically call for shredding sensitive records—burning, vaporizing and other forms of utter destruction are perfectly acceptable—shredding is the most reliable, sensible and cost-effective way to forever dispose of sensitive information.
When in Rome…or Even Rome, Georgia
Some states’ laws are more stringent than others, though the endgame is the same: Comply or pay the price, either through fines or, worse, the loss of your business. Are you up to speed in the state or states affecting your business? If, like many mid-size businesses, yours maintains a presence in several states, you may be missing something.
A good way to check is to visit the appropriate state government websites to search on “data destruction regulations.” You can also visit your state Bar Association’s Web pages and search on “regulatory guidelines and updates.”
Here’s a sampling of state regulations. What does your state require?
- Massachusetts 93I requires that paper records set for destruction be “either redacted, burned, pulverized or shredded.” Electronic media “shall be destroyed or erased so that personal information cannot practicably be read or reconstructed.”
- Georgia’s Senate Bill 475 levies fines from $500 to $10,000 for failing to dispose of records containing sensitive information by shredding, erasing or rendering them otherwise unreadable.
- California 1798.81, a general shredding law, instructs businesses to “take all reasonable steps to dispose, or arrange for the disposal, of customer records” that contain “personal information when those records aren’t needed any longer by (a) shredding, (b) erasing, or (c) otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.”
- California’s Senate Bill 1386 was the first to shine the spotlight on businesses’ security breaches in the disposal process. Banks, credit card companies, insurance agencies and any other firms handling sensitive customer information must report any security compromises. Now, 45 other states have followed suit with bills of their own, using this California law as the model for handling security breaches.
Unsure about your state’s regulations? Check its official website to better inform your organization’s document disposal efforts.
The Many Bonuses of Compliance
Shredding can help your firm meet the privacy and confidentiality requirements of even the toughest state regulations. And whether you choose to shred onsite or at a remote location, you’ll receive a certificate proving that you complied with those requirements.
However, the benefits of shredding don’t end with compliance. A well-designed plan will effectively reduce the costs associated with storing excess records. What’s more, you can parlay your disposal plan into a company-wide campaign to organize and index the information you’re retaining. That’s a smart move, considering how much time a firm’s employees can spend simply looking for critical information under its own virtual roof.
Teaming with a trusted shredding partner can help you comply with changing regulations, while also identifying cost-cutting and efficiency opportunities. A trusted partner can:
- Keep pace with ever-changing regulatory requirements.
- Assess your compliance needs, and identify and protect vital records.
- Develop your organization’s information disposal policy.
- Provide exclusive reporting, tools and guidance for easy assessment of your program with both compliance and cost in mind.
- Certify your shredding effort to satisfy state reporting requirements.
But perhaps the most perennial benefit of a concerted compliance-focused shredding plan is truly priceless: relaxation and peace of mind. Your firm can now enjoy the latitude to focus on its core competencies, instead of chasing paper.
Your Compliant Shredding Solution
A thoughtful shredding plan should address these key business concerns:
- Q: “Are we in compliance?”
A: Shredding ensures you’re in lockstep with the ever-changing privacy requirements of state regulations. A thoughtful shredding plan includes written certification of compliance with these laws and guidelines.
- Q: “Is our plan efficient?”
A: Disposing of and shredding unneeded documents streamlines business processes and helps your employees get to the information they need that much faster.
- Q: “What are we saving?”
A: You’ll no longer pay for storing and maintaining files you no longer need. Shredding can also eliminate or reduce the fines you’d otherwise pay for non-compliance.
Iron Mountain Suggests
When state regulators come calling, send in the shredders. Consider the following steps and safeguards when choosing a vendor:
- Be sure to quiz a potential vendor on its ongoing knowledge of and track record with the regulatory compliance guidelines informing your best practices.
- Work with its team to develop an ongoing information destruction strategy that meets federal and state regulatory requirements.
- Adopt stringent security measures. Workers handling shredding should be screened and pass security clearance. Look for AAA certification by the National Association for Information Destruction.
- Use compliance-driven shredding as a way to launch efficiency and cost-savings measures throughout your business by reducing paperwork, better managing data and eliminating fines for non-compliance.
Do you have more questions about your firm’s shredding options? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s consulting services team. You’ll be connected with a knowledgeable product and services specialist who can address your information management challenges.