How Delaying Document Shredding Can Cause Compliance Violations

You don’t need to be a hoarder to hang on to things unnecessarily. Maybe you’re a handyperson with shelves full of parts you might need someday, or perhaps you keep a ball of yarn that’s too small to use but too precious to discard. While keeping such items generally causes no harm other than cluttering your space, the same isn’t true for sensitive business documents. Delaying the destruction of these documents can lead to serious compliance violations with privacy laws.

How This Happens

There are several reasons you might delay destroying your documents, including:

  • Not knowing the retention periods for different document types: This lack of knowledge can lead to keeping documents longer than necessary.
  • Lack of a Document Destruction Policy: Without a clear policy, it’s easy for documents to pile up.
  • Belief that holding on to documents is safer: Some assume it’s better to keep documents than risk throwing away something important.
  • Broken shredding equipment: When shredders are out of order, documents often accumulate.
  • Employees’ habits: Employees may hold on to papers, notes, or memos longer than needed.
  • Misplaced or forgotten documents: Important documents might get filed away and overlooked.

Why This Is a Problem

Delaying the shredding of sensitive documents for any reason puts your business at risk. Here’s how:

  • Compliance Violations: You could be fined for not adhering to privacy laws.
  • Data Misplacement or Theft: Sensitive information left undestroyed is more likely to be misplaced, seen, or stolen by unauthorized individuals.
  • Reputation Damage: A breach can damage your business’s reputation and erode customer trust.
  • Legal Consequences: A data breach can result in lawsuits, especially if it harms an individual or another business.

Privacy laws like the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Fair and Accurate Credit Transactions Act (FACTA), and the Sarbanes-Oxley (SOX) Act require that Personally Identifiable Information (PII) and Protected Health Information (PHI) be protected and destroyed within specified retention periods. Documents involved in active audits or legal actions, and official records like birth, death, and marriage certificates, should not be shredded. Always check state laws for a complete list of documents that should not be destroyed.

How to Solve It

It’s crucial to protect any private information you collect, store, use, and share, and to ensure it is properly destroyed when no longer needed. According to the FACTA Disposal Rule of 2005, you must use disposal practices that prevent unauthorized access to information in consumer reports. This includes shredding, burning, or pulverizing documents so they can’t be read or reconstructed. Shredding is widely considered one of the best ways to destroy documents, but typical home and office shredders often don’t meet the required level of destruction for compliance. Here are some suggestions to help avoid delays and compliance violations:

  1. Outsource Your Shredding: Partnering with a professional shredding company ensures that your documents are destroyed securely and cannot be reconstructed. Reputable companies also recycle shredded material to protect the environment and provide a Certificate of Destruction as proof that your documents were properly shredded on time.
  2. Use Scheduled Shredding: A document destruction company can provide one-time or regularly scheduled shredding. Setting up a shredding schedule that fits your needs prevents delays in document destruction.
  3. Benefit from Shred Collection Containers: Securely locked containers provided by shredding companies allow you and your staff to safely store discarded documents until the scheduled shredding date. This prevents sensitive information from being seen, lost, or stolen in the meantime.
  4. Choose NAID AAA Certified: Selecting a NAID AAA Certified company saves you the hassle of researching reputable shredding services. NAID certification verifies that the company complies with all known data protection laws through regular and surprise audits by trained security professionals.

Richards & Richards is a NAID AAA Certified shredding company. We can shred your documents on-site at your location or off-site with our industrial-strength shredders. We can also set up a shredding schedule that fits your needs, provide shred collection bins, and supply a Certificate of Destruction when the job is complete. Call us at 615-242-9600 or complete the form on this page so we can help protect you and your business from compliance violations.

 
