As you enter this frequently asked questions section of the site, I would like to introduce myself. I am Chewy – a mechanical shredding bull. Do not be intimidated by my appearance.
I’m only tough on paper documents and electronic waste. I am a part of the Balcones Shred family. Some even consider me to the brand mascot. Either way, I’m here to assist you with all of your questions and needs. So, sit back, buckle up and enjoy the read.
Why do I need to shred my documents?
First of all, It Is the law. Secondly, it is essential for your company to protect its interests.
Some organizations are required to destroy certain kinds of information. Currently, healthcare and financial services companies are mandated to comply with certain regulations set forth by HIPAA andFACTA. If ignored, organizations can face stiff financial penalties and hinder their reputation. Since September 2005, Texas House Bill No. 698 went into effect “relating to the disposal of certain business records that contain personal identifying information; providing a civil penalty.”
Your employees have a legal right to the protection of their personal information. Any information with regard to health insurance, payroll, applications and résumés should be protected.
Your customers entrust you with important information, and it is your company’s responsibility to protect their privacy and identity.
By discarding sensitive information in a sloppy way, you surrender ownership of that information. Shredding is the only way to make sure sensitive information is destroyed while you still maintain control of it.
What is Sarbanes Oxley?
The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOx or SarbOx, is a federal law passed in response to a number of major corporate and accounting scandals. These scandals resulted in a decline of public trust in accounting and reporting practices. The legislation is wide ranging and establishes new or enhanced standards for all U.S. public company Boards, Management and public accounting firms. The Act covers issues such as auditor independence, corporate governance and enhanced financial disclosure.
Among the Sarbanes-Oxley Act’s major provisions in one that includes a requirement that public companies evaluate and disclose the effectiveness of their internal controls. This particular requirement emphasizes the need for companies to have detailed information control systems – including secure disposal of obsolete business records.
What is HIPAA?
“HIPAA” or the Health Insurance Portability and Accountability Act of 1996, establishes national standards to protect individuals’ medical records and other personal health information.
- It gives patients more control over their health information.
- It sets boundaries on the use and release of health records.
- It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
- It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.
- It strikes a balance when public responsibility supports disclosure of some forms of data – for example, to protect public health.
- For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
- It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
- It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
- It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
- It empowers individuals to control certain uses and disclosures of their health information.
For more information about HIPPA’s specific requirements for the average health care provider, visit the privacy plan’s site.
What is the Gramm-Leach-Bliley Act?
The Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and Pretexting provisions.
The GLB Act gives authority to eight federal agencies and each state to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to “financial institutions,” which include not only banks, securities firms, and insurance companies, but also companies providing various types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities. These non-traditional “financial institutions” are regulated by the Federal Trade Commission.
The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information.
The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions “such as credit reporting agencies” that receive customer information from other financial institutions.
The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses.
Does my state have specific requirements?
An increasing number of States and even individual cities have specific privacy legislation to protect consumers. Some of these laws specifically address privacy; others are incorporated into Deceptive Trade Practice or Credit Reporting laws. Most of this legislation requires recipients of “personal identifying information”, like Social Security Numbers, telephones numbers, names, and addresses, or some combination of that information to safeguard that information and properly dispose of it when it is no longer needed.
While you should consult your local legal advisor on your specific requirements, it is a safe bet that some aspect of your business is affected by one privacy law or another that will necessitate shredding your end-of-life business records.
What types of document destruction services are there?
Document destruction services fall into two broad categories: “On-Site” and “Off-Site.” These services are performed by companies ranging from the independent entrepreneur providing local service with a single truck or to large corporations with national capabilities and related services like document storage and imaging.
The type of service and company that you choose should relate to the volume of documents you have to destroy, the frequency you need service, your security policies, the flexibility and reputation of the service provider and lastly your budget. For example, very large volume purges and mixed media, like plastics, pharmaceutical bottles, and computer hard drives, don’t lend themselves well to on-site service.
What is on-site shredding?
On-site shredding involves performing destruction services at your location in your parking lot or loading dock area. It is most frequently done with large box type trucks that contain a shredder and a mechanism for lifting a container filled with documents up into the shredding unit. These trucks make multiple stops and can typically process 10 – 20 containers an hour. Some small operations may use enclosed trailers containing a shredder instead of a dedicated truck.
On-site shredding is advantageous when you must personally witness the destruction of your documents on a regular basis. There is also no risk that whole documents might be released into the open if the truck is involved in a significant accident.
Drawbacks include a potentially higher cost for the service, noise and congestion in the operating area, risk of losing documents as they are being loaded into the shred truck, and depending on the service provider, reliance on a single specialized and complicated piece of equipment. On-site shredding is also less environmentally friendly because of the extra fuel used and emissions generated by the truck.
What is off-site shredding?
Off-site shredding involves transporting containers from your facility to a central shredding location. Containers are typically transported in locked vans, box trucks or even tractor trailers depending on the volume. A large off-site operation might be capable of shredding 5 to 15 tons of material an hour or twice to ten times the capability of an on-site truck.
Off-site shredding is advantageous when you have a large volume of documents to be destroyed. The most common reasons for off-site shredding include: cleaning out many years of old files, if you have a large number of employees in a campus setting, or if your business is printing/processing intensive. Off-site shredding is significantly more efficient than on-site shredding because the equipment is faster and can operate continuously. Because off-site shredding is electrically powered, it makes less of an environmental impact than on-site shredding.
Due to liability issues, you are not allowed to witness off-site destruction. There is also some small risk of documents being released into the open if the transport vehicle is involved in an accident between your facility and the shredding plant.