Shredding is more than just a document disposal method. It’s  a way to protect sensitive information, maintain customer and employee  privacy, and prevent identity theft. It’s also the law—federal  regulations like FACTA dictate how organizations should execute document  destruction. Failing to follow these rules can result in massive fines,  legal troubles, and damages to your brand’s reputation.

What is FACTA?

FACTA stands  for the Fair and Accurate Credit Transactions Act. It was passed in  2003 as an amendment to FCRA, the Fair Credit Reporting Act. FACTA was primarily established to allow individuals access to their credit report for free. It was also added to protect consumers from identity theft. FACTA describes the requirements for information privacy, accuracy, disposal, and sharing consumer information.

FACTA’s Requirements Regarding Shredding

FACTA applies to consumer records containing personally identifiable  information or financial information. According to the FTC, the  requirements for the proper disposal of consumer information are:

“Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”

FACTA’s ‘reasonable measures of disposal’ include implementing and monitoring policies and procedures that require burning, pulverizing, or shredding papers containing consumer information so that the information can’t be read or reconstructed. This also applies to  destroying or erasing electronic media with consumer information.

The government also has the right to perform due diligence on third-party shredding companies. This could involve everything from an  independent audit of the disposal company’s operations to requiring  certifications from a recognized trade association.

The penalties for FACTA violations can be fines of up to $1000 per violation at the state level, and $2500 per violation at the federal  level. As an example, say your business went through a disposal-related  security breach that affected 1,000 customers. If the fines are $1000  per customer, it could result in class action lawsuits with damages that  cost $1,000,000 or more. Therefore, it’s imperative that your business is compliant with FACTA requirements.

HIPPA stands for the Health Insurance Portability and Accountability  Act. Established in 1995, it is typically known for protecting patient  confidentiality. Regarding document disposal, it refers to covered  entities, which include health plans, healthcare clearinghouses, and  healthcare providers. The law requires that healthcare industry  professionals responsibly shred discarded paper information.  It also requires that covered entities must ensure that workforce  members receive training on the entity’s disposal policies and  procedures. The Gramm-Leach- Billey Act (GLBA) was  established in 1999 and requires that banking and financial  institutions protect the privacy of consumer data. Financial  institutions must communicate to their customers how they share their  customers’ sensitive data, inform customers of their right to opt-out if  they prefer that their personal data not be shared with third parties,  and apply specific protections to customers’ private data in accordance  with a written information security plan created by the institution.

To ensure ccompliance with FACTA and other document shredding laws, you can take the following actions:

1. Make sure document disposal is covered in your organization’s employee handbook.
2. Implement document disposal training and insist that attendance is  mandatory, particularly for employees who work with confidential  information, or supervise employees who do.
3. Create periodic checks to make sure you’re following compliance rules. Designate staff who will monitor these efforts.
4. Partner with a shredding service. An outside partner can help you ensure that your documents are destroyed efficiently and securely.
5. Make sure your shredding service provides a certificate of destruction. This detailed information  ensures proper guidelines were followed and further decreases risk of  exposure.

Without established document destruction methods, your organization is at great risk for consumer identity theft and legal penalties for  non-compliance. Working with a third party shredding service will go a long way in protecting your business and consumer  information in ways that are safe, secure, and in lockstep with the law.

Additional information

Company policies – Legacy Project Inc has an established procedures and policy guidelines for the handling of confidential information. Confidential material is kept secure until its destruction. All employees have had extensive background checks and are bound by a confidentiality document. A Document of Destruction is provided for all shredding jobs upon request. Any recyclable material that Legacy Project collects and destroys will get recycled.

Please ontact us for additional information