Why Shred?

  • document_storage1Not only is it a good idea to shred sensitive documents - for most businesses, it is the law. All of the laws below describe a business’ responsibility to safeguard sensitive documents.

    Not only does the law dictate that sensitive materials must be disposed of properly, but businesses must also take care to pick a reputable shredding company. We would like to be your Indiana document destruction company. Please take a moment to check out our credentials, and then e-mail us for a prompt, free quote.

    Below you will find some basic information about the laws that pertain to how a business MUST protect sensitive documents. Please use this as a guideline and allow us to work with you to come up with a document management plan.

  • The Health Insurance Portability and Accountability Act (HIPAA) of 1996 ensures healthcare organizations in the United States will be responsible for the secure handling and storage of “protected health information”.

    The HIPAA legislation has three objectives:

    1. Reduce healthcare fraud and abuse
    2. Guarantee security and privacy of health information
    3. Enforce standards for health information

    HIPAA Penalties:

    HIPAA Non-compliance can have devastating consequences to non-conforming healthcare organizations. HIPAA applies criminal penalties to anyone violating the law – not just the company. Employees, business associates, and others who handle “protected health information” are all potentially liable for mishandling confidential information. A non-conforming organization, or individual, can be subject to severe fines and penalties, litigation and negative publicity. Non-compliance can result in the following penalties:

    • Civil fines up to $25,000 / year
    • Criminal penalties up to $250,000 as well as, up to 10 years in prison (Information Management Journal 2003)

    Examples of Items to Shred due to HIPAA:

    • Patient Medical Records
    • Billing Records
    • Insurance Records
    • X-Rays
    • Prescriptions
    • Personal Health Information
    • Computer Disks and Hard Drives

    Further information can be found at http://www.cms.hhs.gov/HIPAAGenInfo/

    DISCLAIMER: This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to your business.

  • Irresponsible handling of confidential and sensitive consumer data has long been cited as a contributing factor to identity theft. Confidential and sensitive data discarded by a business or institution provides a prime opportunity for a thief to access personal data. A well-known practice known as 'dumpster diving' is often claimed by thieves themselves as the source of the data that allowed them to commit the identity theft. Just ask any private detective what their standard charge is for “dumpster diving”.

    This law applies to virtually every person and business in the United States. It requires the destruction of all consumer information before it is discarded and has potentially severe penalties against violators. The Act states “any person who maintains or otherwise possesses consumer information for a business purpose” must “properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal”.

    Reasonable measures are defined by the Act as “burning, pulverizing, or SHREDDING OF PAPERS containing consumer information”. Another alternative is for a company to enter into an agreement “with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule”.

    Both the Federal government and State government are authorized to bring enforcement actions against violators of FACTA. There are also civil liability issues and class action lawsuits that can provide potentially severe financial penalties for violators.

    Further information can be obtained online athttp://www.ftc.gov/os/statutes/031224fcra.pdf

    DISCLAIMER: This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to your business.

  • The Gramm-Leach-Bliley Act (GLBA) of 1999 requires all financial and banking institutions in the United States to describe how they will protect the security and confidentiality of consumer information in their possession.

    Violations of GLBA:

    If your organization is found non-compliant to GLBA, your organization could be subjected to severe fines and class-action lawsuits.

    GLBA Penalties:

    Fined up to $100,000 for each violation
    The officers and directors of the financial institution could be subject to, and personally liable for, a civil penalty of up to $10,000
    Possible imprisonment for up to five years
    The Gramm-Leach-Bliley Act applies to the following types of organizations:

    Banks
    Companies that operate travel agencies in connection with financial services
    Credit Unions
    Securities Brokers
    Real Estate Appraisers
    Retailers that issue their own credit cards directly to consumers
    Insurance Companies
    Other entities involved in financial activities
    Automobile Leasing Companies
    Further information can be found online athttp://www.ftc.gov/privacy/privacyinitiatives/glbact.html

    DISCLAIMER: This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to your business.

  • The Identity Theft and Assumption Deterrence Act of 1998 looks at identity theft in two important ways.

    1. The Act strengthens the criminal laws governing identity theft. Specifically, the Act makes it a federal crime to knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
    2. The Act provides for a centralized complaint and consumer education service for victims of identity theft.

    The Act makes identity theft a Federal crime with penalties up to 15 years imprisonment and a maximum fine of $250,000. It allows for the identity theft victim to seek restitution if there is a conviction.

    Further information can be obtained online athttp://www.ftc.gov/os/2000/09/idthefttest.htm

    DISCLAIMER: This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to your business.

  • This Act protects certain federal government records pertaining to individuals. In particular, the Act covers systems of records that an agency maintains and retrieves by an individual's name or other personal identifier (e.g., social security number, phone numbers, etc.).

    In general, the Privacy Act of 1974 prohibits unauthorized disclosures of the confidential records the Act protects. The Privacy Act of 1974 does not protect the privacy of your records that are not maintained by the federal government (e.g., credit report, bank account and medical records).

    If their confidential records are disclosed to outside parties, even by accident, it could be grounds for a lawsuit.

    Further information can be found at http://www.ftc.gov/foia/privacy_act.htm

    DISCLAIMER: This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to your business.

  • The Sarbanes-Oxley Act was signed into law on July 30, 2002 and introduced highly significant legislative changes to financial practice and corporate governance regulation. The act followed a series of very high profile scandals, such as Enron. It is also intended to 'deter and punish corporate and accounting fraud and corruption, ensure justice for wrongdoers, and protect the interests of workers and shareholders' (Quote: President Bush).

    The primary intent of the Sarbanes-Oxley Act is to force publicly held companies to promptly make available and maintain all meaningful business related information in order to protect the investing public. While Sarbanes-Oxley requires the development and maintenance of detailed corporate financial information, cleansing computer systems of unnecessary files is an essential task.

    During the course of a lawsuit, when a plaintiff comes and says 'Give me all your data', you've got to give them all your data – both paper and electronic. The plaintiffs use these discovery processes to try and find out as much information as possible. According to Douglas Young, a lawyer at Farella Braun & Martel in San Francisco, 'If records are destroyed in the normal course of business, it is very difficult to prove that anyone is trying to obstruct justice'.

    Properly documented disposal of paper and electronic records is absolutely essential in today's litigious society. Shredding Unlimited can provide you with a free consultation on how you can establish a regularly scheduled document and media destruction program.

    Further information can be obtained at http://www.sec.gov/rules/final/33-8183.htm

DISCLAIMER: This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to your business.