Why Shred?
The Health
Insurance Portability and Accounting Act
(HIPAA), enacted by the federal government in
1996, is intended to safeguard the privacy of
patient health records. The law provides for
stiff penalties for companies found to be in
violation of HIPAA regulations.
A full text of HIPAA
regulations is available from the U.S.
Department of Human Services. (See
Links page.)
Gramm-Leach-Bliley Act (GLB)
The
Gramm Leach Bliley Act (GLB), also known as the
Financial Modernization Act of 1999, is a
federal law that forces a financial institution
to “respect the privacy of its customers and to
protect the security and confidentiality of
those customers’ non-public personal
information.” The law provides for stiff
penalties for companies found to be in violation
of its regulations.
For
more information about the Gramm Leach Billey
Act, see Links section.
FACTA
FACTA Law Makes Shredding More Important Than
Ever
By now, almost everyone in America is familiar with the term "identity theft."
Most businesses and a growing number of individuals are taking steps to protect
themselves from becoming the next victim of America's fastest growing crime.
Shredding documents for disposal has always been a vital step in preventing ID
theft, but in June of 2005, the Disposal Rule section of the FACTA security law
was enacted which makes shredding a necessity for businesses of any size, as
well as individuals who employ even one person.
FACTA Disposal Rule Defined
Developed by the Federal Trade Commission, FACTA stands for Fair and Accurate
Credit Transactions Act. Designed to minimize the risk of identity theft and
consumer fraud, the Disposal Rule section of FACTA became law on June 1, 2005.
The Disposal Rule states that any person who maintains or otherwise possesses
consumer or employee information for a business purpose is required to properly
dispose of the information. This includes information used, or expected to be
used, to establish eligibility for credit, insurance, or employment. In
addition, all information contained in or derived from consumer reports and
records must be properly disposed to protect against unauthorized access to or
use of the information. This part of FACTA was developed to cut down on the
incidences of identity theft by, among other methods, restricting the ability of
thieves to "dumpster dive" for valuable consumer information contained in
discarded business records. The Disposal Rule goes on to say that all employers
must take "reasonable measures" to protect against unauthorized access to or use
of the information in connection with its disposal. These measures include:
- burning, pulverizing, or shredding of physical
documents
- erasure or destruction of all electronic media
The main difference between the FACTA Disposal Rule and
previously existing security laws such as HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley
is that it does not affect a single industry - it affects every business and
many households in America.
Are You Affected by FACTA?
If you employ someone, then the FACTA Disposal Rule affects you. Every employer
in the US is required to properly and effectively destroy all documents and
material that contain sensitive employee or consumer information. Specifically,
this applies, but is not limited to:
- businesses that use consumer information in their
everyday operations, such as banks, lenders, insurers, auto dealers,
realtors, and medical facilities
- service providers that store consumer reports and
information, such as record and information management companies
- service providers that destroy information, such as
recyclers, waste management or technology disposal companies
Importantly, the FACTA Disposal Rule is not limited to only
companies or small businesses. It affects you as the homeowner as well. If you
hire a nanny, tutor, yardman—anybody whose employment requires the exchange of
sensitive information—you are responsible for the handling and disposal of that
information. If you don't shred and information leaks out, you could be subject
to civil or class-action lawsuits, as well as state and federal fines.
Shredding is Your First Line of Defense
Often, the first thing people think about when it comes to data security is
their computers. Viruses, hacking - they're all over the news and on people's
minds. It's true that hackers pose a threat, but so does your trash can.
Firewalls and security programs will not protect you from "dumpster diving,"
which remains the most common means of collecting information used in identity
theft. A quality shredder is always your first line of defense.
Our extensive line of shredders offers the perfect solution for protecting
employers as well as employees. Convenient and easy to use, our shredders have
set the world standards for quality engineering. Unlike shredders from office
superstores, the cutting heads on our shredders are made of the highest quality
tempered steel to ensure years of reliable service and many are backed by a ten-year
warranty. Our shredders may cost a little more than superstore shredders, but
they won't have to be replaced every few years.
Our shredders also provide the peace of mind that comes from knowing your
materials are shredded at the source. Off-site services will come to your
location and shred your sensitive materials, but that means endless expense and
one more point of human contact (set of eyes) added to the disposal process.
With our shredders at your business location or home office, you eliminate the
potential for a wide range of security problems.
Back to Basics
Laws like the FACTA Disposal Rule are enacted to try and curb the identity theft
epidemic. In 2004, 10 million people were victims of identity theft. Not only is
the number of victims increasing, the number of identity thieves is increasing
as well, and the threat they pose will only continue to grow. Getting back to
the basics of simply destroying sensitive documents at the source with a
reliable shredder makes perfect sense - now more than ever.
Explore our website, or
contact us to learn
more about the many shredding options available
to youThe
text:
Section 682.3 of the law states: “Any person who
maintains or otherwise possesses consumer
information, or any compilation of consumer
information, for business purposes must properly
dispose of such information by taking reasonable
measures to protect against unauthorized access
to or use of the information in connection with
its disposal.”
Shredding of such documents “so that the
information cannot be practicably be read or
reconstructed” meets the law’s standard.
For more information about the Fair and Accurate
Credit Transaction Act, see Links section.
Back to Top
Identity Theft
Identity theft is the fastest growing crime in
the United States. Businesses are entrusted with
all types of confidential information, and each
business needs to do their part to prevent
identity theft by safeguarding this information.
Destroy your confidential documents in order to
protect your employees, your clients or patients
and yourself. Documents containing names,
addresses, Social Security numbers, credit card
and bank account numbers, etc. should be
shredded when they are no longer needed.
Back to Top
Corporate Security
Your information—in the form of business plans,
product designs, account lists, business
proposals, blueprints, and drawings—is the
foundation of your company. Discarded
information that makes its way into
wastebaskets, garbage cans, and dumpsters is the
single most available source of competitive and
private data about your company. It’s this
information that has all the makings of
corporate espionage.
-
Customer Account lists
-
Business Plans
-
Plans for New Products
-
Financial Statement
-
Payroll Data
-
Cancelled checks
When it comes to stealing corporate secrets by
retrieving documents from trash cans and
dumpsters:
-
The law is firmly on the side of the “bad
guys.”
-
Courts have consistently ruled that by
discarding data into the trash, you have
indicated that it is of no value to you.
-
The taking of this “useless information,” no
matter what the intent, is protected by the
law.
-
Shredding discarded material will render it
unreadable—hence, useless—to those
attempting to capitalize on your
information.
Back to Top
Internal Security
Document shredding is
necessary to maintain internal security.
However, only employees with security clearance
should be
responsible for destruction of certain sensitive
documents, such as payroll data, personnel
records, and materials that involve labor
relations or legal affairs. Potential dangers
also arise when rank-and-file workers are asked
to destroy competition-sensitive data.
Back to Top
Links that pertain to the
document destruction issue
GLB
http://www.ftc.gov
http://banking.senate.gov/conf/confrpt.htm
FACTA
http://www.privacyrights.org/fs/fs6a-facta.htm
HIPAA
http://www.hhs.gov/ocr/privacysummary.rtf
Identity Theft
Federal Trade Commission
Department of Justice
Clearinghouse of Identity Theft
Back to Information Library
Go to Shredder Index
|