Hiring a secure shredding company is an important part of protecting confidential information, but it’s not the only piece of the puzzle. Organizations should also be aware of which privacy regulations apply to them as well as how they affect day-to-day business. All companies should have a written shredding and information retention policy so that all employees are aware of the legal requirements when dealing with secure information.
Some of the most common regulations affecting businesses include the following:
- The Fair and Accurate Credit Transactions Act (FACTA) requires all businesses that offer credit to destroy any and all personal information relating to an individual.
- HIPAA should be a primary concern for anyone handling medical records and it’s not just doctors’ offices — it’s the entire HR department! Whether you have 10 employees or 200, your company has a responsibility to protect the private information you collect in the course of running your business. Applicants who apply and do not gain employment have legal recourse if their personal information is discarded improperly. Former employees have the same legal remedies.
- Numerous privacy regulations dictate safeguarding standards for the confidential information contained in legal documents. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions (broadly defined) to safeguard the consumer information they collect.
In today’s world, we are duty-bound by the government to protect what we refer to as the three “C’s”: Care, Custody and Control. While some organizations are aware of the privacy regulations specific to their industry, many are not. What’s more, failing to make a reasonable effort to abide by these requirements could put the organization at risk of liability. Unfortunately, some have even had to explain that to a judge or jury when a trial lawyer puts them on the stand. Obviously, this is not a position anyone wants to be placed in.
So, having a shredding service is only part of your solution from a best practices standpoint. As an owner or HR Manager, consider developing a retention schedule of what information is required to be kept and for how long. Absent a written retention policy, you leave it up to well-meaning but uninformed staff to decide what to keep, how long to keep it, and what to dispose of and how.
No matter how well-intentioned, you’re not providing a reasonable level of Care, Custody and Control without a written policy that details the process.
Call Office Shredding and get a free quote. Our motto is “We shred today to secure your tomorrow.”