Security Policies & Shredding Laws
Welcome to the FileShred Resources page! Here, you will find key information regarding our paper shredding company’s security policies as well as applicable state and federal shredding laws. Explore the page below to learn more, and don’t hesitate to call us at (855) 54-SHRED or contact us today if you have any questions.
Security Policies: FileShred
Below is a list of our company’s security policies, put in place to help ensure our customers’ total information security.
- All employees must complete background and credit checks.
- All employees must sign confidentiality agreements.
- All employees are bonded and insured.
- All employees are uniformed with photo identification.
- All employees go through security training and testing.
- FileShred is compliant with all state and federal regulations that apply to information destruction.
- FileShred is a member of NAID.
- Particle sizes of shredded paper are within the NAID guidelines.
- FileShred maintains the chain of custody of your document from the time they are released to us until they are completely destroyed.
- FileShred will make available to customers a copy of our security policies and procedures.
- FileShred will not separate your documents before shredding.
State & Federal Shredding Laws
All state and federal laws assert that shredding of documents is one of the required methods of disposing of documents. We have summarized the applicable laws for your convenience.
Connecticut State Law
Connecticut law states that any individual, firm, partnership, association, corporation, limited liability company, organization, or other entity is required to destroy files and documents prior to disposal by shredding or other means of permanent destruction. That means everyone!
Health Insurance Portability and Accountability Act (HIPAA)
This law covers anyone that handles protected health information (PHI). When PHI in paper records ais being disposed of, it needs to be shredded to render the information unreadable, indecipherable, and otherwise unable to be reconstructed.
Fair and Accurate Credit Transactions Act (FACTA)
The Fair and Accurate Credit Transactions Act of 2003 applies to all creditors and credit reporting agencies, as well as financial institutions requiring proper disposal of consumer report information and records, which includes shredding.
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act was enacted in response to a series of high-profile financial scandals that occurred in the early 2000s at companies including Enron, WorldCom, and Tyco that rattled investor confidence. It applies to all public companies and accounting firms in the U.S., as well as international companies registered with the Securities Exchange Commission. This law makes them responsible for the proper disposal of financial records by shredding practices and carries significant penalties for noncompliance.
Gramm-Leach-Bliley Act of 1999 (GLB)
This act applies to financial institutions such as banks, insurance companies, financial services companies, and investment firms. It requires those companies to safeguard customer records, including when they are disposed of. Shredding is one of the required methods of disposal.
Privacy Act of 1974
This privacy act protects the privacy of records maintained by the federal government.
Payment Card Industry (PCI) Compliance
PCI compliance requires the following: documents must be cross-cut shredded, incinerated, or pulped such that there is reasonable assurance the hard copy materials cannot be reconstructed.
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools and requires documents to be destroyed when they are disposed of. One of the approved methods is cross-cut shredding.