DOCUMENT RETENTION COMPLIANCE
With identity theft cases on the rise, Federal and State regulations on document handling and destruction are very strict. This is especially true for the medical, financial, and legal fields.
These regulations and retention compliance guidelines are built to protect personal information. However, the laws must be updated to keep up with the criminals, and they can easily become difficult to navigate.
SOME OF THESE REGULATIONS AND RETENTION COMPLIANCE GUIDELINES INCLUDE:
- HIPAA: Passed in 1996, this law regulates Personal Health Information, or PHI. It put regulations in place to protect patients’ private records and to prohibit the sharing of these records. Medical offices and healthcare professionals need to take great care in hiring a HIPAA-compliant document shredding company so as not to face large fines.
- FACTA: The Fair and Accurate Credit Transactions Act is an all-encompassing law that requires businesses of all sizes, even those employing one person, to shred all personnel-related documents before throwing them out, in order to prevent dumpster divers from capturing sensitive personal information. Unlike the other regulations, this one is not industry specific.
- RED FLAG: This law, issued by the FTC, NCUA, and the federal bank regulatory agencies as part of the FACTA regulation, was created to help stop identity theft. It requires financial organizations and creditors to create written theft prevention programs.
- GRAMM LEACH BLILEY ACT: This law, signed in 1999 and also known as the Financial Modernization Act of 1999, requires financial organizations to provide customers with written privacy notices that explain the information sharing practices of the organization. It is broken into three parts: Privacy, Safeguards, and Pretexting Provisions. Of these, the Safeguards Rule states that financial organizations must have certain security programs and protocols to protect the private information that they gather.
SHRED LEVEL STANDARD
GUARANTEED DOCUMENT SECURITY
When purchasing a paper shredder for either your home or office, there is a lot to consider. Besides the obvious (price, shredding capacity, and ability to handle paper fasteners), you need to think about the security that the machine offers.
WHAT IS YOUR SHRED LEVEL STANDARD?
There are several types of shredders available and they range in security level:
STRIP-CUT
The most basic and least secure. Rotating knives cut paper into narrow strips.
CROSS-CUT (CONFETTI-CUT)
Two rotating drums cut paper into rectangular, parallelogram, or diamond-shaped pieces.
PARTICLE-CUT
Creates tiny square or circular pieces.
PIERCE-AND-TEAR
Rotating blades pierce the paper and then tear it apart.
INTERNATIONAL SECURITY LEVEL STANDARD
The previous security shred level standard has recently been upgraded to 7 levels of security (http://www.din-66399.com/index.php/en/securitylevels). This means that depending on which Protection Class your documents fall under, you need to adhere to the corresponding security standard in order to remain in compliance with regulations. The security levels dictate the width and particle size for the respective class of documents. These depend on whether the documents are general internal documents or internal documents that contain sensitive data, all the way up to documents that contain strictly confidential information. The most secure standard is approved by the NSA/CSS for top-secret document shredding.
While most professionals don’t need that level of security, any business that needs to meet FACTA requirements needs to use a shredder with a security level above 4, and some will need a security level of 6, which is for confidential information. It should be noted that HIPAA does not have a minimum required security level, but it is recommended to use a shredder with a security level of at least 3, with cross-cut as the preferred method of destruction.