Legal Review: Laws That Impact Document Shredding for Businesses

Not surprisingly, the government has some guidelines regarding document shredding. Protecting sensitive information from getting into the wrong hands is the whole point of shredding, so it can’t be done haphazardly. Also, different kinds of information have their own sets of rules regarding elimination. Beyond the reasonable desire to protect client and customer information, your company should be familiar with all applicable document destruction laws.

FACTA

The Fair and Accurate Credit Transactions Act, or FACTA, went into effect in 2003. FACTA states that documents must be destroyed so thoroughly that any information on said documents can’t be recovered. As for what information FACTA is concerned with keeping from thieves and scammers:

• • Names
  • Addresses
  • Email Addresses
  • Phone Numbers
  • Birthdates
  • Social Security Numbers
  • Fingerprint scans
  • Passport Information
  • Drivers’ Licenses
  • Credit and Debit Card Numbers

To put it simply, any information that could be used to steal someone’s identity.

In order to ensure FACTA compliance, your company will need to have written procedures and policies to ensure proper document destruction. Shredding techniques and schedules, employee training, and the types of documents or storage devices to be shredded should all be in a manual of some kind.

The Privacy Act of 1974

Thanks to the Privacy Act of 1974, your personal information, such as medical records, fingerprints, and financial transactions, are all private. Companies are obligated to keep such information secure but available underwritten consent of the individual. Letting any records protected by this act get into the hands of hackers could result in lawsuits and still legal penalties.

HIPAA

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, keeps medical and patient health information from being released without specific consent from the patient. All entities that have a reason to be interested in an individual’s health status, from hospitals to insurance agencies to business partners, fall under HIPAA law.

There are situations where these entities need to share or disclose the health information of an individual without their permission:

• • If required by a law that supersedes HIPAA.
  • In cases of abuse or domestic violence.
  • For legal proceedings or if required by law enforcement.
  • For cases of workers’ compensation.
  • Certain research, or tissue/organ donation.
  • Identification of the deceased.
  • In the process of treatment, payment, or any healthcare operations.

Protected health information (PHI) and electronic PHI, or e-PHI, must be kept confidential and secure regardless of storage method.

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act, or GLBA, requires all institutions that deal with customer finances to explain how, why, and when their information gets shared. The GLBA also requires that the data be securely stored. As for which institutions the act covers, the GLBA affects “companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance.”

The Economic Espionage Act

To protect intellectual property and trade secrets, Congress crafted the Economic Espionage Act (EEA). Violating the EEA by misappropriating documents containing such information carries harsh penalties, such as forfeiture of property and proceeds gained by breaking the law or even jail time.

Protect Your Clients with SEAM Shredding Services

Secure Enterprise Asset Management (SEAM) is ISO 45001 certified and follows stringent data security and destruction policies. That means if you’re looking for shredding services in North Dakota or South Dakota, you’ve come to the right place.

Contact SEAM today and keep your sensitive information safe in Sioux Falls and the surrounding areas! Ensuring you’re compliant keeps you in good graces with your customers and the government.