It is typical for companies to focus more on the security of their digital network than on physical protection of documents and data. Physical security tends to fall by the wayside even though it’s fairly easy for criminals to go dumpster diving. If the organization doesn’t end up losing all important assets in a breach, it’s common it could still suffer from irreversible brand damage. In 2007, Radio Shack dumped more than 20 boxes containing personally identifiable information (PII) for thousands of customers. A man found rummaging through the dumpster found the boxes and reported it. Shortly following, the State of Texas filed a civil lawsuit against Radio Shack for exposing its customers to identity theft. The state’s lawsuit claims the company “failed to safeguard the information by shredding, erasing, or other means, to make it unreadable or undecipherable before disposing of its business records.” Cases like this are common, and identity theft has become a major problem worldwide.
The Recycling Myth
Many believe that recycling is a very different process from trash processing and somewhat safer in terms of data security. This understanding is far from the truth. People mostly understand that trash ends up in landfills where anyone could find sensitive material. At the same time, many people often think that recycling is safer for confidential documents since they will be destroyed and repurposed instead of being shipped to a landfill. In actuality, recycling is not transported securely. In fact, recycling trucks look like every other garbage truck, where documents and other personally identifiable information (PII) will be blowing around in the truck before being dropped off at the recycling facility. On average, recyclables sit on sorting floors from anywhere from 2-4 weeks before being destroyed. The remnants don’t sort themselves either; dozens of employees’ sort what the machines cannot and will have access to documents before they are destroyed. As opposed to destroying the documents yourself, there is absolutely no way of proving sensitive information has been destroyed when you send it to the recycler.
Protect the Customers and Employees, Protect the Business
Consumer privacy legislation has been increasing around the United States within the last few years. Recent laws such as the NY SHIELD Act and the California Consumer Privacy Act (CCPA) are giving consumers more rights relating to their access and deletion of sharing personal information that is collected by businesses. These laws give consumers a large amount of freedom over their personal information, which could open up a host of severe penalties and lawsuits for companies that fail to comply with these regulations. This trend is also being seen in other nations such as the European Union’s General Data Protection Regulation (GDPR) and India’s Personal Protection Bill, and it is expected to continue on this uptick everywhere in the near future. Knowing this, there is a heavier weight on organizations to protect customers’ personal and secure information or the company will be at risk for mishandling said information and could be subject to harsh monetary penalties. Employees have the same legal right to privacy as customers and expect their employer to keep their information secure as well. At the end of the day, the stakeholders will pull the most weight, and it’s important to treat their information the same as how you’d want your own sensitive information dealt with/disposed of.
Secure Your Disposal of Records
Businesses have a choice when it comes to how they want to dispose of their paper records, usually weighing the convenience, cost, and legal risks involved with complying to their industries’ standards or regulations. In U.S. government law, secure disposal is required when a record contains classified, controlled unclassified (CUI), or personally identifiable information (PII) such as address, phone number, names, emails, social security numbers, and more that can be used to identify an individual. It’s easy to consider the cost when opting for a third-party shredding company, but can you really be certain that all the documents are being shredded? It’s impossible to tell. Despite widespread adoption of electronic health record systems, most hospitals still use both paper and electronic documents for patient care. Healthcare cyberattacks overall are on the rise, with nearly 32 million patient records breached in 2019. It’s crucial to find a balance between digital security and physical destruction in the workplace. Increasing communication between colleagues so they are informed of appropriate processes can help mitigate potential breaches in regard to disposing of information no longer retained by the institution.
No matter what the industry, at SEM we have many high-quality NSA Listed/CUI and unclassified paper shredders to meet any regulation. For those looking for an eco-friendly device that’s also listed on the NSA EPL for Paper Shredders, we recommend the Model 1201CC High Security Shredder. It was tested oil-free by the NSA for classified document destruction due to its specially designed cutting head that is also fully replaceable, lowering total cost of ownership. Destroying physical data in-house may seem like a costly purchase in the short term but could send up saving a company exponentially in the long run by preventing breach. With regular maintenance, a quality shredder such as the 1201CC can last a lifetime. We’re happy to help answer any questions concerning personal or regulated shredding needs.