 |
 |
 |
 |
||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
||||||
 |
|
||||||||||||||
WHAT DO I NEED TO KNOW about shredding my documents?Why do I need to shred my documents? What is the Gramm-Leach-Bliley Act? Does my state have specific requirements? What types of document destruction services are there? What is plant-based shredding? How do shredding services charge? Wouldn’t it be less expensive to shred in-house? How much paper do I need to justify a shredding service? I have a lot of file boxes, how do I clean-out my old records? Our company has locations across the country, is it better to have a “national contract”? I need my documents “cross-cut” don’t I? What is a “Certificate of Destruction”? Isn’t recycling the same as document destruction? Will my document storage company destroy my records for me? Why do I need to shred my documents? Reason #1: Reason #2: Reason #3: Reason #4: Reason #5: The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOx or SarbOx, is a federal law passed in response to a number of major corporate and accounting scandals. These scandals resulted in a decline of public trust in accounting and reporting practices. The legislation is wide ranging and establishes new or enhanced standards for all U.S. public company Boards, Management, and public accounting firms. The Act covers issues such as auditor independence, corporate governance and enhanced financial disclosure. Among the Sarbanes-Oxley Act’s major provisions in one that includes a requirement those public companies evaluate and disclose the effectiveness of their internal controls. It is generally this requirement that gives attention to the need for companies to have detailed information control systems – including secure disposal of obsolete business records. “HIPAA” or the Health Insurance Portability and Accountability Act of 1996, establishes for the first time national standards to protect individuals’ medical records and other personal health information.
For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
For the average health care provider or health plan, the Privacy Rule requires activities, such as:
Responsible health care providers and businesses already take many of the kinds of steps required by the Rule to protect patients’ privacy. Covered entities of all types and sizes are required to comply with the Privacy Rule. To ease the burden of complying with the new requirements, the Privacy Rule gives needed flexibility for providers and plans to create their own privacy procedures, tailored to fit their size and needs. The scalability of the Rule provides a more efficient and appropriate means of safeguarding protected health information than would any single standard. For example,
The Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and Pretexting provisions. The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information. The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions “such as credit reporting agencies” that receive customer information from other financial institutions. The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses.
An increasing number of States and even individual cities have specific privacy legislation to protect consumers. Some of these laws specifically address privacy; others are incorporated into Deceptive Trade Practice or Credit Reporting laws. Most of this legislation requires recipients of “personal identifying information”, like Social Security Numbers, telephones numbers, names, and addresses, or some combination of that information to safeguard that information and properly dispose of it when it is no longer needed. While you should consult your local legal advisor on your specific requirements, it is a safe bet that some aspect of your business is affected by one privacy law or another that will necessitate shredding your end-of-life business records.
Document destruction services fall into two broad categories: “On-Site” and “Off-Site” or “In-Plant”. These services are performed by companies ranging from the independent entrepreneur providing local service with a single truck or location to large corporations with national capabilities and related services like document storage and imaging. The type of service and company that you choose should relate to the volume of documents you have to be destroyed, the frequency you need service, your security policies, the flexibility and reputation of the service provider, and lastly your budget. Very large volumes and mixed media, like plastics, pharmacy bottles, and computer hard drives, don’t lend themselves well to on-site service. Off-site service may not be the answer if a shredding company cannot satisfy your security requirements. On-site shredding involves performing destruction services your location out in your parking lot or loading dock area. It is most frequently done with large box type trucks that contain a shredder and a mechanism for lifting a container filled with documents up into the shredding unit. These trucks make multiple tops and can typically process 10 – 20 containers an hour. Some small operations may use enclosed trailers containing a shredder instead of a dedicated truck. On-site shredding is advantageous when you absolutely must personally witness the destruction of your documents on a regular basis. There is also no risk that documents might be released into the open if the truck is involved in a significant accident. Drawbacks include a potentially higher cost for the service, noise and congestion in the operating area, risk of losing documents as they are being loaded into the shred truck, and depending on the service provider, reliance on a single specialized and complicated piece of equipment. On-site shredding is also less environmentally friendly because of the extra fuel used and emissions generated by the truck.
Plant-based or “off-site” shredding involves transporting from your facility containers to a central shredding location. Containers are typically transported in locked vans, box trucks, or even tractor trailers depending on the volume. A large plant-based operation might be capable of shredding 5 to 15 tons of material an hour or twice to ten times the capability of an on-site truck. Plant-based shredding is advantageous when you have a very large volume of documents to be destroyed. The most common reasons for plant based / off-site shredding include: cleaning out many years of old files, if you have a large number of employees in a campus setting, or if your business is printing/processing intensive. Plant-based shredding is significantly more efficient than on-site shredding because the equipment is faster and can operate continuously. Because plant-based shredding uses less fossil fuel, it makes less of an environmental impact than on-site shredding. It is not as convenient to witness the destruction of your documents when they are shred off-site. However, most reputable companies will work with you to allow you to visit their plant to witness your destruction job. There is also some small risk of documents being released into the open if the transport vehicle is involved in an accident between your facility and the shredding plant.
Some shredding companies charge by the service, some charge by weight, and some charge by time. Each method has advantages and disadvantages, but generally it is easiest to control your expenditure if you are charged by the service. You can always count the number of containers that are going to be serviced and know what you are going to spend. If you are charged by weight, you need to know how accurate the scale being used is and if you are being charged for the weight of the container. If you are being charged by time, then you need to know how fast the shredding company’s machine is and how quick the service personnel will be to service your needs. Pricing varies widely by geographic market, type of service, and the volume of material to be shred. A single bin or console in an outlying area that is serviced one time per month will cost more for each service than twenty bins containing all white paper serviced each week at a single location that is in an area where a shredding company has numerous customers. This is because time between service stops is a major cost factor for a shredding company. If you are soliciting services, remember that price alone is not a purely apple-to-apples comparison. “Price” is not the same as “value” and the low cost bid may not always be the best value.
The only way utilizing your own shredder is less expensive is if your employees don’t use it. When your organization destroys everything that is should, it is far less expensive to outsource than to shred ‘in house.’
An office with only a few employees can produce over 100 pounds of paper every month. That correlates into many hours spent feeding a few sheets at a time into a small office shredder. It is far more secure, economical and convenient to collect these materials in a secure container than for you to try to keep up with it.
Contact one of our sales associates and they will be happy to provide you with a free service assessment. Find a sales associate near you.
National contracts are great if you don’t care about customer service. Usually these arrangements offer lower pricing, but when you need a quick response or want to speak with a local representative, frustrations typically exceed the “lower rate.” “NAID” is the National Association for Information Destruction, Inc. It is the trade association for companies providing information destruction services. NAID’s mission is to promote the information destruction industry and the standards and ethics of its member companies. When selecting a service, you should always make sure the company you select is a NAID member. In doing so, it will ensure the shredding company you are working with adheres to the industry standards. Unlike conventional strip shredders, which require a two-step process for cross-cut consistency, rotary grinding performs this process in one pass offering selectable and consistent shred size for ultra-secure shredding. The rotary grind process is the latest and greatest in shred technology.
No. The term “cross-cut” is an older term that has traditionally been used to counter the ancient and less secure method of strip shredding. Cross-cut is obviously more secure than strip shredding, but the majority of the new high volume shredders use a rotary grind system.
A Certificate of Destruction (COD) is a document that a shredding firm provides its customer(s) that includes some or all of the following elements: a unique serialized transaction number, the transfer of custody, a reference to the terms and conditions, the acceptance of fiduciary responsibility, the date the information ceased to exist, the location of the destruction, and the witness to destruction. The COD is free of charge and is usually issued with the customer invoice.
While recycling ultimately results in the destruction of your documents through the pulping process at a paper mill, sensitive documents may be available for anyone in a recycling facility or paper mill to see. Different recycling companies have different approaches to their operations, transportation, and hiring practices, not all of which may offer the best possible security for your documents. If document security and proof of destruction is an absolute requirement, specify shredding to ensure destruction. Shredded paper winds up going through the recycling process, so the environmental benefits of recycling are retained.
Although they don’t like to permanently remove your files from their shelves, most document storage companies will arrange for the destruction of your outdated files. It is very important to understand exactly how they will do this. You may request ‘destruction’ of the files, but this may not be the same as actually shredding the files. Some storage companies will simply deliver the files to a paper recycling facility where they will be baled and sold to paper mills and call this ‘destruction’. Practically speaking, this does result in the ‘destruction’ of your files, but documents may be significantly exposed to whoever may even casually see them in the recycling facility or paper mill. If true destruction is required, be certain to specify that your files be shred and to understand who will do the shredding and how. Ask the same questions you would if you were hiring a shedding company and always demand a Certificate of Destruction validating your documents were destroyed accordingly. |
    |
|
|||||||||||||
|
|||||||||||||||
        |
|
||||||||||||||
|
|||||||||||||||
|
|||||||||||||||
|
|
|
||||||||||||||
|
|
|
|
|
|
|
|
|
|
||||||
Copyright 2007 SHRED Document Destruction, Inc.