Taking the Stress Out of Document Shredding Compliance

Businesses in different verticals are consistently burdened with files and documents that contain sensitive information. As such, they’re subject to strict regulations from government institutions that require organizations to keep consumer information safe. Many industries have specific document shredding policies that must be vigilantly followed to prevent fines and other penalties. We’ve compiled some of the most important ones below.


If you are a medical or healthcare institute, there’s a slew of HIPAA regulations you need to worry about. HIPAA has laid out certain rules pertaining to document disposal procedures, including pulping, shredding, and burning any paper that features personal health information (PHI for short) to the extent that it is completely indecipherable and unreadable. Also, documents featuring PHI should never be thrown in the dustbin along with the lunch cartons of your personnel or toted to the dumpster with a pile of magazines. The easiest way to stay compliant is to use a HIPAA-compliant shredder that destroys the paper until it is unreadable. Place your hopes on a cross-cutter to best meet the requirements laid out by HIPAA – these little machines convert documents into confetti that no one can piece back together.

Gramm-Leach-Bliley, Electronic Espionage and others

The financial industry also faces a set of compliance rules from government organizations. However, most shredding policies in this industry are scattered across varying regulations and statutes, making it easy to overlook important rules. With that said, financial companies should keep a close eye on the laws related to the Electronic Espionage and Gramm-Leach-Bliley acts, both of which state that customer information that is no longer relevant or important for use should be destroyed. Likewise, it is crucial to shred records as soon as the period of retention expires (it’s typically five years for most documents in the case of banks). Holding confidential paper past retention expiry can do just as much damage as not keeping it around long enough.

FERPA (The Family Educational Rights and Privacy Act)

In the education industry, there is no shortage of paper produced during exams, classes, and so on. University records include heaps of details ranging from health to academic. Also, when pupils change institutes, records get transferred or copied in electronic form and a physical record gets couriered as well. Original documents that are no longer useful should be permanently disposed of according to the FERPA law. The federal privacy law applies to academic records in institutes that are regulated by the government, including the ones supported by the US Department of Education. Educational records related to birth certificates, progress reports, family name, immunization, and custody agreements should be torn into pieces. Most modern shredders are FERPA compliant, ensuring that schools, colleges and universities remain on the right side of the law. All that aside, educational institutes should make sure they contact the relevant person in case they want a copy of the document. Any volunteers working in the shredding department should also be trained in the adequate storage and destruction of educational records.

FACTA (The Fair and Accurate Credit Transactions Act)

Though this act applies to businesses in every vertical, it’s especially relevant for law-based companies. Regardless of their size, the act states that they should adequately protect and destroy confidential information about their customers. The 2003 FACTA added some brand new sections to the federal Fair Credit Reporting Act (like 15 U.S.C.) to battle the growing threat of identity thieves. Those who are shredding but not in compliance with FACTA are essentially going against the law. The right document shredders can ensure that your business carries out the disposal and cutting in a FACTA-compliant way. Another thing businesses can do is write a policy for shredding methods that informs personnel how they should comply to protect clients’ information. In addition, you can consider investing in a few shred bins to ensure your documents are stored appropriately before any shredding, to avoid legal repercussions related to parting ways with confidential data like client records. The main features of these bins include wheels for easy transportation, paper insertion via one-way hard slots, and locking lid hasps.

NAID (National Association for Information Destruction)

Organizations like yours may have heard of NAID certification, but only a few companies know what NAID represents. For those unfamiliar, NAID exists to assist and endorse ethics of the highest standard in the document destruction industry, partnering with lawmakers and members to make that happen. Those who want to be certified have to meet specific criteria. For example, they have to conduct criminal background checks on staff members who are going to be handling the shredding process. Additionally, they should have detailed security measures in place, with stringent security procedures along every step of the journey. Only then will they be able to enjoy the certification of destruction and the 3 million USD general liability insurance that comes with it. NAID certified businesses will also be subject to audits that confirm that adequate measures have been taken to protect people’s information.

Note: NAID and other similar certifications typically include things like the location and destruction date, the personal information of employees who carried out the shredding, the transfer of disposal information, and more. Those who get this certification will be held accountable if an audit or a legal action is carried out and a chain-of-custody trail is left.

Bottom Line

Correct document shredding is essential in this modern day and age. Almost every organization out there manages sensitive data. Therefore, all businesses should be concerned about following laws that demand shredding, securing their customers’ privacy, and safeguarding the proprietary information of all stakeholders. Collectively, there are more than 5 laws for shredding in a compliant manner, in order to mitigate the risk of identity theft. Whatever industry you’re in, keep your eyes out for any sort of noncompliance, and train employees regularly to ensure they’re shredding confidential information to bits and disposing of it in far-off, inaccessible locations.