Let’s Get Personal.
When you work in the secure printing industry, you’re working with Personal Identifiable information (PII) every day. Regulations like the Fair and Accurate Credit Transaction Act (FACTA), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), and Intergraf have changed the way that we handle and process paper, credit cards, printing plates, and more. So, with all these rules and regulations, are you taking every step necessary when these prints reach the end of their life and need to be securely destroyed?
You may feel that your company or organization is doing a good job destroying data because you’ve been breech-free and have had no major security problems. But in private data and security, threats are constantly evolving, changing, and adapting to the systems that are in place. If you end up being the victim of a breach and word gets out, the following can happen:
– Loss of customers/clients and confidence in your business
– Fraud losses, legal costs, and fines/penalties
– Ultimately lose jobs and go out of business
In fact, studies show that over 60 percent of small businesses that experience a breach never recover and end up going out of business within one year. To avoid this, you need to have a preemptive plan of how to destroy sensitive data correctly and efficiently.
Destruction Guidelines: What Do I Do?
A high quality data destruction shredder can be used to shred all documents that contain any PII. According to FACTA, a shredder needs to make paper unreadable and unable to be recovered. For print, this includes shredding, pulverization, and burning. The NSA standard for print to be unrecoverable is a 1mm by 5mm particle size. A machine like the 244/4 High Security Paper Shredder would do the trick.
In Europe, GDPR not only pushes for just the secure destruction of PII. According to Article 17, the “Right to Erasure”, any consumer can request to have all their personal information wiped from a company at any given time. If a consumer makes the request, the company has 30 days to comply to remove all sensitive information they have on the individual. GDPR standard for paper destruction is a 10mm particle size. This Unclassified shredder list will meet the standard set forth by the GDPR while allowing you to choose a model that fits your workload.
When creating a new credit card data, PII can be left behind before the card is even shipped out. Within the process of printing information on a new card, a printing plate is used to create the lettering, design, and some of the security features on the card. In the same manner, tipping foil that is used to personalize cards can have the numbers from the card left in the foil after use.
To be properly secured and maintain client security, all parts of the process must be properly destroyed, including the credit cards themselves. Intergraf, the European federation for print and digital communication, is a rising standard that is quickly becoming adopted in the secure printing industry. The most security-focused printers are choosing to become Intergraf certified, as more and more clients begin to request that their information is properly handled and destroyed. The standard for printing plates is DIN 66399 P-1, while for credit cards the standard is a minimum of P-5.
When you have a large load of cards to destroy, a machine like the 0201 OMD Optical Media Destroyer would be more than enough to securely destroy cards to a size no one could recover. If you need to destroy credit cards, tipping foil, and printing plates, we recommend using a machine like the 1012/5, which not only destroys all the materials listed, but also runs free of oil.
While the world around us likes to say that print is going away, the reality is that it’s not. The steps that you take today to prepare for the destruction of PII could not only save you money, but your entire job and company as a whole. Keep up to date with the latest standards and use high quality shredders to ensure that you maintain data securely and professionally for you and your clients.