Shredding Laws and Your Business

It is no longer a matter of common courtesy for you and your business to shred your customers’ confidential information. The rise in identity theft crimes has caused congress to act by passing three major pieces of legislation that require businesses to completely destroy any documents containing certain kinds of sensitive information before discarding. The penalties and fines can be steep, ranging from $1000 to $500,000, not to mention the risk of civil litigation and liability. The three pieces of legislation are known as FACTA, HIPAA, and GLB. In this article we will dive into each of these regulations, how you can best comply, and what the risks of non-compliance are.

1. Fair and Accurate Credit Transaction Act. Also known as FACTA, This law was signed into effect in 2003. FACTA was designed specifically to reduce the growing risks of credit, idenity, and consumer fraud, by requiring businesses to properly destroy confidential information upon discarding it. Not only applying to businesses, the disposal rule essentially applies to every person in the US. The information that must be discarded include: address information, employment histories, credit histories, and social security numbers. The penalties for non-compliance can be pretty steep. Other than putting yourself at risk for a civil suit and the attending legal costs, if it can be proven that your mishandling of sensitive info resulted in an identity crime being committed, your state can fine you $1000 per infraction, and the feds can nip you for $5000 per incidence.
2. Health Insurance Portability and Accountability Act. Known as HIPAA, this regulation applies to the health care industry, and is intended to prevent abuses of personal health information, including unauthorized access. The Institutions that are required to comply with the regulation are called “Covered Entities,” and include all organizations and even individuals, who collect health-care related information. This can include doctors, urgent care centers, hospitals, billing centers, and even collection agencies. According to HIPAA, all covered entities must have documented policies that define the measures they have instituted to prevent unauthorized access. Non-compliance in this case could cost the offender a whopping $500,000.
3. Gramm-Leach-Bliley Act. The GLB Act applies to financial institutions and requires any companies that are engaged in financial activities go provide secure handling of client records and information. Companies that would be included in this are banks, mortgage companies, insurers, and investment houses.

You may be surprised to hear that it is not against the law for someone to go through your trash. A 1988 Supreme Court ruling stated that once the trash is left for pickup, it is public domain. This is an easy way for your business to lose its competitive edge, as well as its customers’ confidential information. With the ease and convenience that is afforded by having your own shredders in house, there is no reason for your business to put itself at risk. One quick and easy solution is for all of your employees who handle and regularly discard confidential information to have their own desk side shredders. Or you can place a larger shredder in a central location in your office. Either way, you need to make sure that you protect your business and your clients by shredding all confidential information.