Why Secure Document Shredding is Critical to Legal Compliance

 

 

 

If your organization has a legal department, it’s likely you’ve heard from them about the importance of securely shredding old documents. The compliance and legal ramifications of improperly disposing of old files could cost your company a lot of money — not to mention damage your reputation with the public. While each industry sets different regulations regarding data privacy, US laws and regulations clearly state that businesses must destroy or erase personal data that is no longer needed in a secure manner.

 

Whether it’s your organization’s sensitive data, client files and information, old tax and finance records, or HR documents related to employee onboarding or performance, when it’s time to destroy your documents, it’s important that you use a secure and trusted document shredding provider.

 

The Ponemon Institute, a research center dedicated to privacy and data protection, conducted a study and found:
 

  • One-third of respondents did not have a policy for the secure destruction of confidential documents.
     
  • While more than half (55 percent) train their employees on the secure disposal of confidential documents, only 38 percent say they are confident that the training helps ensure the secure disposal of confidential documents.
     
  • And an earlier study conducted by Ponemon Institute, the Security of Paper Documents in the Workplace, showed 71 percent of IT practitioners in U.S. companies said they were aware of an incident in which sensitive or confidential paper documents were lost or misplaced.

 

Secure Document Shredding and the Law

In the U.S., secure document destruction is required when a record contains personally identifiable information (PII). This usually includes information, such as a name, address, tax information, Social Security number or other data that can be used to identify an individual person.

 

Let’s take North Carolina state law as an example:

Under the Identify Theft Protection Act of 2005, businesses that manage the PII of any North Carolina residents must establish a document destruction policy for all private information, whether it be hard copy records or electronic files. 

 

Any organization that conducts business in North Carolina and any business that maintains or otherwise possesses personal information of a resident of North Carolina must take reasonable measures to protect against unauthorized access to or use of the information in connection with or after its disposal. This includes implementing and monitoring compliance with policies and procedures that require the destruction of papers containing personal information so that information cannot be practicably read or reconstructed. Should the law be breached, your organization is at risk to pay losses/damages relating to the exposure of PII.

 

For a list of data disposal laws by state, visit the National Conference of State Legislatures website.