It’s the Law

Businesses have a legal and ethical responsibility to safeguard personal, private and sensitive information. All businesses have occasion to discard confidential material; however traditional trash bins and dumpsters pose a huge security risk. The Federal Trade Commission estimates that as many as 10 million Americans a year are affected by Identity Theft, resulting in the loss of billions of dollars.

Document destruction ensures your privacy and that of your employees, customers, patients, students. Destroying all confidential documents greatly minimizes the risk of not only Identity Theft, but of corporate espionage and security breaches. Shredding takes place in our state-of-the-art trucks, at your location, and is certified secure by NAID.

Federal and state regulations have been established to require businesses to completely destroy, rather than simply discard information. These laws are an important effort to protect the rights and the privacy of consumers. Penalties are high for companies who do not comply, especially pertaining to the areas of health and finance. Coastal Secure Shredding ensures proper and complete document destruction.

Federal and State Document Destruction Laws

Both state and federal laws for document destruction cite a business’ responsibility to safeguard sensitive documents. Not only does the law dictate that sensitive materials must be disposed of properly, but businesses must also take care to pick a certified shredding company.

State of California

California Senate Bill 1386, the California Security Breach Information Act: A California state law requires that an agency, person or business that conducts business in California and maintains or licenses computerized “personal information” to disclose any breach of security to those individuals. California Civil Code 1798.80-84: Protects personal information about California residents, mandates how businesses shall destroy private information on California residents.

FACTA

Fair and Accurate Credit Transactions Act: signed into law in December, 2003, the Federal Act includes a number of provisions intended to combat crimes related to identity theft and consumer fraud. This Act requires the destruction of papers containing consumer information, and requires compliance with virtually every business or organization.

HIPPA

The Health Insurance Portability and Accountability Act (HIPPA) passed in 1996 and revised by Congress in 2000, HIPPA is a federal law that governs the handling of confidential medical and personal information and records. Fines and penalties may result from the disclosure of personal information; compliance is required by all companies that handle medical and personal information, including hospitals, hospice and home care, Medicare, etc.

Sarbanes—Oxley

Major provisions include a requirement that public companies evaluate and disclose the effectiveness of their internal controls. It is generally this requirement which addresses the need for companies to have detailed information control systems – including secure disposal of business records.

Gramm-Leach-Bliley Act (GLBA)

Mandates that all financial institutions establish procedures for protecting personal information, including the protection of discarded information, and respecting the “privacy of its customers”.

FERPA

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records; improper disposal of student records may constitute an unauthorized disclosure under FERPA.

Identity Theft and Assumption Deterrence Act

The 1998 act looks at identity theft in two important ways. The Act strengthens the criminal laws governing identity theft. Specifically, the Act makes it a federal crime to knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law. The Act provides for a centralized complaint and consumer education service for victims of identity theft. The Act makes identity theft a Federal crime with penalties up to 15 years imprisonment and a maximum fine of $250,000. It allows for the identity theft victim to seek restitution if there is a conviction. Further information can be obtained online.

Disclaimer: These are only brief summaries of the laws. Consult a legal professional for more information.

What Documents Must I Destroy?

• Credit information
• Credit cards and statements
• Loan documents
• Financial and tax records
• Bank statements and cancelled checks
• Legal records
• Medical records
• Personal identification and social security numbers
• Insurance documents

Do It Yourself

Many companies opt to do their own shredding with a personal shredder from a stationery store.

---

Pros

• Small office shredders are cheap
• Shredders can fit over existing trash bins

Cons

• Personal shredders are slow, jam up, and require maintenance

• Personal shredders are not efficient or cost-effective
• Personal shredders take time away from real office work
• Staples, paper clips and rubber bands must be cleared
• Varying levels of security – non-compliant
• Personal shredders can produce pieces that can be reconstructed
• Office shredding doesn’t always get recycled
• More expensive considering time and long-term investment