As a small business, shredding your documents and data involves more than just keeping your customers’ information safe — it’s about complying with the law. A number of federal laws dictate how your business must get rid of its information, and maintaining compliance is an important component of being successful.
To get you started on the right track, here are two of the most important laws that may apply to you and that dictate how your business must shred documents:
HIPAA
If your business utilizes protected health information, you probably already know that HIPAA applies to you. What you may not have known is how HIPAA applies to destroying information.
Under HIPAA, companies are required to “apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information” (DHHS). These safeguards include document shredding, which means (according to the DHHS, mentioned above):
- Destroying information so that it cannot be reconstructed
- Maintaining labeled personal health information in a secure area and securely shredding or destroying that information
- Clearing, destroying, or purging personal health information stored electronically
FACTA
FACTA, the Fair and Accurate Credit Transactions Act of 2003, added a disposal rule for any business or individual who uses a consumer report for a business purpose — a fairly wide-reaching business audience. If you are a member of any of the following types of businesses, FACTA applies to you:
- Consumer reporting company
- Lender
- Insurer
- Employer
- Landlord
- Government agency
- Mortgage broker
- Car dealer
- Attorney
- Private investigator
- Debt collector
- Individual who pulls consumer reports on prospective home employees
- Entity that maintains information in consumer reports
FACTA affects small and large businesses alike. Whether you’re a one-person company that works from home, or a business with several hundred employees, you’re required under FACTA to exercise due diligence in the disposal of information in a consumer report. In essence, all sensitive data must be properly destroyed in order to maintain compliance with the law.
Penalties for Non-Compliance
An article by USA Today notes a number of penalties that you or your business could incur if you’re found to be in violation of laws regarding document destruction:
- Civil liability of actual damages, or statutory damages of up to $1,000 per employee if an employee’s identity is stolen as a result of your inaction
- Class action lawsuits if a large number of employees are affected
- Federal fines of up to $2,500 per violation
- State fines of up to $1,000 per violation
It’s easy to see how shredding documents properly prevents your business from getting into legal and financial trouble later on. Going through the effort of properly destroying your documents and data now protects you down the road.
Staying Safe
DataShield is here to guarantee that your business maintains compliance with local and federal laws regarding document and data destruction. We won’t just destroy your data; we’ll make sure that your business is up-to-date on the multitude of laws surrounding destruction of data.
To learn more about how DataShield can help your business stay compliant, contact us here today.