Male lawyer in the office with brass scale.Leading a thriving organization is hard work, and when something slips through the cracks that causes lawyers to come knocking on your door, it quickly derails your effectiveness and becomes counterproductive to your mission and purpose—not to mention the financial ramifications.

Some of these “cracks” in the records management process can be fixed with some extra attention or outside help. One area that is often overlooked is the need to destroy sensitive information immediately at the end of its lifecycle. If a data breach occurs, your organization could face:

  • Investigations
  • Audits
  • Lawsuits
  • Fines
  • Sanctions
  • Damage to your reputation and brand
  • Loss of customer trust
  • Heavy financial losses

However, if you are diligent in destroying expired records, you’ve taken the first step toward fending off the lawyers.

Shred Business Documents

Federal records management regulations—like The Health Insurance Portability and Accountability Act (HIPAA), The Fair and Accurate Credit Transaction Act (FACTA), The Sarbanes-Oxley Act (SOX), and the Privacy Act of 1974—all clearly lay the responsibility of destroying all Personally Identifiable Information (PII) at the end of its lifecycle on the creator of that information. Regulations define documents’ legal retention periods, and they must not be destroyed before—or kept beyond—the end of that period.

Each day a record is kept beyond its retention period increases the risk of a data breach, so they should be removed and shredded as soon as that moment arrives. Buying a shredding machine seems like the solution, but it’s not a secure process and there is no auditable chain of custody or proof destruction has taken place. Unfortunately, leaving shredding to office staff only increases your risk of a data breach. Instead, here are some suggestions.

  1. Have a plan. Shred everything that doesn’t need to be kept. This eliminates the decision-making process of what does and doesn’t need shredding. To determine what to keep and what to shred, check the records retention guidelines for Tennessee.
  2. Have a retention system in place. Know the dates for every document created and have a process to make sure documents are removed for destruction at the end of their lifecycle.
  3. Have a secure document destruction process. When paper documents are ready to be destroyed, have them securely shredded immediately to avoid a security risk. Working with a NAID AAA Certified shredding company that provides you with locked shred collection containers and regularly transports your documents to their secure facility for shredding is ideal. Not only is this process compliant and secure, but your shredded paper can also be properly recycled and kept out of the landfill.

Shred Hard Drives and Other Electronic Media

Data protection laws not only apply to your business paper documents, but also to your hard drives and other electronic media as well. Any form of PII must be destroyed before disposing of it, no matter how the information is stored. This means that all discarded electronic devices, drives, CDs and DVDs, X-rays, tapes, microfilm, and magnetic media must also be destroyed.

Don’t store damaged, outdated, or unused electronic devices. This just puts them at risk of being accessed by unauthorized people. Physically shredding these electronics is the only way to be sure their data can never be breached, since deleted or erased information on these devices can still be accessed. Reputable shredding companies will also be able to recycle these materials properly, removing harmful materials from being dumped in landfills.

Shred Products

Consider these scenarios:

  • A person uses a discarded law enforcement or security uniform for unauthorized purposes.
  • A disgruntled ex-employee uses your company’s badge, uniform, or some other identifier to enter the premises of another business or home.
  • An employee takes home factory seconds and gives them to their friends, then someone is injured by the product.

These are just a few examples of the hundreds of possibilities that could send lawyers your way. This is why saving, selling, or giving away unused labelled products is a serious mistake. Throwing them in the garbage won’t help safeguard you against them being retrieved either. It’s vital that your company’s identity is used properly and unused products are also destroyed.

Utilizing the professional services of a reputable, NAID AAA Certified shredding company will help fend off unwanted legal issues.

Richards & Richards provides NAID AAA Certified shredding services to businesses and residents of Nashville. Just give us a call at 615-242-9600 or complete the form on this page and our experts will happily help you protect the sensitive information you are responsible for.