Every business and organization generates paperwork on a daily basis, and even individuals can accumulate a sizable stack of paperwork after a short period. But while individuals may be able to take care of their paper shredding needs by themselves, businesses and organizations should make use of corporate shredding services in order to responsibly deal with their sensitive paperwork.
What the Law Has to Say About Confidential Shredding and Data Security
Data security has become such a concern for individuals and businesses around the world that governments are responding, producing a myriad of U.S. laws mandating that businesses address data security compliance in a proactive way.
A comprehensive legal framework now exists, with many more states tipped to enact their own legislation in the coming years. In addition, many industries have their own regulations that dictate industry best practices when it comes to paper shredding and issues relating to data security at large.
In order to comply with data security legislation, companies and organisations are strongly advised to use corporate shredding services rather than attempting to tackle paper shredding in-house.
The current legal framework in the United States regarding data security includes the following:
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA addresses medical record security and patient privacy and was the primary piece of legislation regarding data security in the healthcare industry for many years.
Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)
HITECH widened the scope previously provided by HIPAA and established a system of incentives for healthcare providers who opted to use electronic health records, in addition to providing a financial budget for providers to cover training and development. Aimed at containing information relating to patients to authorized users, HITECH mandated that all healthcare providers must switch to electronic health records by 2015, after which penalties would apply.
Fair and Accurate Credit Transactions Act of 2003 (FACTA)
While HIPAA and HITECH relate to the medical industry, FACTA provides regulations for financial institutions and creditors, including savings institutions and banks. FACTA aims to ensure that all financial institutions are aware of potential “red flags” which could indicate potential misuse of financial data and that they know how to respond accordingly.
Sarbanes–Oxley Act of 2002 (SOX)
SOX applies to all public companies in the United States and was enacted largely as a reaction to highly publicised data security scandals including Enron and WorldCom. The legislation sets out specific provisions to mandate secure methods of destruction of financial records and other confidential information. It is due to this legislation that businesses – especially small- to medium-sized businesses – came to the realization that they were unwise to continue to attempt to deal with the destruction of confidential paperwork in-house, ultimately leading to the rise of corporate shredding services.
Gramm-Leach-Bliley Act (GLB), aka Financial Services Modernization Act of 1999
This legislation specifically targets the protection of consumer information within the power and control of financial organizations.
As a result of the legislation, companies must enact:
- Policies that disclose the information being collected and how that information is to be used;
- Policies that give individuals the right to opt out of having their personal data on sold to third parties; and
- Policies that prevent confidential information being accessed by unauthorized users.
A company in violation of this legislation faces regulatory enforcement actions including substantial fines.
The Cost-Effectiveness of Corporate Shredding Services
Given that companies and organizations face substantial penalties – including monetary fines and damage to their reputation – for failing to dispose of confidential information in an appropriate way, corporate shredding services have become a cost-effective solution to the problem of confidential paperwork security.
Smaller companies who attempt to deal with their paper shredding needs in-house often quickly come to the realization that the cost of wages and equipment far outweighs the cost of outsourcing the task to one of America’s top corporate shredding services. At Data Destruction Corporation, we can potentially shred the same number of documents in a matter of minutes that it would take a company employee days to shred manually.
Delegating your corporate shredding services to a professional data destruction company passes all risks associated with the confidential paperwork to us. A mandatory Certificate of Destruction is provided following every data destruction task performed, giving you the legally recognized proof that you need to show that you have taken all possible steps to protect your clients’ data from a potential breach.
To find out more about how Data Destruction Corporation can help you with your paper shredding and data destruction needs, contact us today.