How well do you know federal and state paper shredding laws? Paper is a necessity for businesses, and how we keep and dispose of documents largely depends on their contents and on the applicable rules and regulations. You can’t just toss any old document in a trash receptacle, as it may contain confidential business, employee, or customer information. For businesses, there are not only federal laws that govern how and when you destroy documents but also state laws. Non-compliance can result in fines and penalties, so to be sure you’re following all applicable laws, your best bet is to work with a certified document destruction specialist, like Legal Shred, to take the guesswork out of what should be shredded and what should be retained.
Federal paper shredding laws govern specific industries:
The Health Insurance Portability and Accountability Act, or HIPAA, requires healthcare providers to regularly shred documents containing information on patients’ medical histories. Do you need to be HIPAA compliant? The short answer is: if you handle protected health information (PHI), then absolutely yes, you need to be HIPAA compliant. Failure to do so can result in potential civil and criminal penalties.
The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is commonly pronounced “glibba.” GLBA compliance is mandatory; whether a financial institution discloses nonpublic information or not, there must be a policy in place to protect the information from foreseeable threats in security and data integrity.
A federal law known as the Sarbanes-Oxley Act enhances corporate responsibility and financial disclosures, and it is designed to combat corporate and accounting fraud. One major provision requires companies to have detailed information systems in place, including secure disposal, such as paper shredding, of obsolete business records.
In addition to federal laws, each state has its own set of provisions to protect the information of consumers. For example, the Florida Information Protection Act imposes data protection and breach reporting requirements on any type of business. Any business that stores, maintains, or uses a consumer’s personal information must not only take protective measures to secure it but also report it if anything has been compromised.
In Georgia, failure to destroy and dispose of records properly will result in a $500 to $10,000 fine.
In Massachusetts, all paper records that have met their retention period must be “either redacted, burned, pulverized or shredded.” Electronic media must also be sufficiently destroyed.
When in Doubt, Outsource
With several laws mandating the protection of client and employee information, outsourcing your shredding is a very easy way to make sure you are in compliance with many of them. Legal Shred offers the comfort of knowing that you are following all the rules and the privacy and paper shredding laws.
Contact Legal Shred today!