Shredding for Compliance

It's an easy thing to overlook. But, failing to destroy certain files properly can be incredibly costly.

At A Shred Ahead, we’ve seen first-hand how paper shredding is key to managing sensitive and confidential documents properly. Anyone dealing with company and customer files must consider more than just storage and access. You also have to account for maintaining compliance with many state and federal data privacy regulations. It’s not just paper: it’s hard drives and other data storage as well. On this page, we’ll dig deeper into these laws and provide you with more details on ensuring your compliance.

Get Your Free Quote Today

  • This field is for validation purposes and should be left unchanged.

More info on state & federal laws

A plan that includes regular document and hard drive shredding can ensure the integrity of the info you hold. Plus, it will help you stay on the right side of the law. Get details on state and federal laws here.

“Most companies keep sensitive personal information in their files: names, Social Security numbers, credit card, or other account data – that identifies customers or employees… If sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach – losing your customers’ trust and perhaps even defending yourself against a lawsuit – safeguarding personal information is just plain good business.”

—The Federal Trade Commission (FTC)

It touches everything from medical files and credit reports to financial statements and even routine credit card transactions. There’s a web of legislation that can impact a huge number of the interactions between customers and businesses of all kinds. The specifics vary from industry to industry and from state to state. The key thing to keep in mind is that no matter what business you are in, the security of customer records is not something to take lightly. Failure to comply with the tightened regulations can bring severe penalties and heavy fines. This is true whether it’s an actual data breach or, in some cases, just the possibility of unauthorized access.


State-Specific Laws in Our Region

Arkansas

Document Destruction Compliance
Arkansas enacted the Personal Information Protection act in 2005, covering both the destruction of customer records by businesses, and the requirements for notification in case a security breach does occur.

Breach of Security: What the Law Says
“Any person or business that acquires, owns, or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of Arkansas whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” Disclosure is required “in the most expedient time and manner possible and without unreasonable delay.”

The law also applies to individuals or businesses that maintain data for others, and requires notification of the owner of the data “immediately following discovery” of a possible breach.

Violations are “punishable by action of the Attorney General.”

Disposal of Records: What the Law Says
“A person or business shall take all reasonable steps to destroy or arrange for the destruction of a customer’s records within its custody or control containing personal information that is no longer to be retained by the person or business by shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any means.”

In addition, “A person or business that acquires, owns, or licenses personal information about an Arkansas resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.”

What You Can Do
The best thing you can do is to have systems in place to stop security breaches before they occur – including the secure storage and proper destruction of paper and electronic records.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Arkansas institute programs designed to comply with state and federal regulations.

Florida

Florida enacted the Unlawful Use of Personal Identification Information Act in 2005, part of which covers the requirements for notifying customers in case a business suffers a breach in data security.

Breach of Security: What the Law Says
“Any person who conducts business in this state and maintains computerized data in a system that includes personal information shall provide notice of any breach of the security of the system, following a determination of the breach, to any resident of this state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” The law requires notification “without unreasonable delay” and in no more than 45 days. The law also applies to individuals who maintain data for other businesses, and requires notification of those businesses “as soon as practicable, but no later than 10 days” following a breach.

Violations can result in serious fines:

“Any person required to make notification under paragraph (a) who fails to do so within 45 days following the determination of a breach or receipt of notice from law enforcement as provided in subsection (3) is liable for an administrative fine not to exceed $500,000, as follows:

  1. In the amount of $1,000 for each day the breach goes undisclosed for up to 30 days and, thereafter, $50,000 for each 30-day period or portion thereof for up to 180 days.
  2. If notification is not made within 180 days, any person required to make notification under paragraph (a) who fails to do so is subject to an administrative fine of up to $500,000.”

What You Can Do
The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it. Properly dispose of what you no longer need.
    1. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Florida institute programs designed to comply with state and federal regulations.

Georgia

Georgia has been particularly vigorous in the area of identity theft. SB 475, covering Offense of Identity Fraud, was first enacted in 1998, and amended in 2002. The law in Georgia encompasses both the destruction of customer records by businesses, and the requirements for notification in case a security breach does occur.

Breach of Security: What the Law Says
“Any information broker or data collector that maintains computerized data that includes personal information of individuals shall give notice of any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of this state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The notice shall be made in the most expedient time possible and without unreasonable delay.”

The law also applies to individuals or companies that maintain data for information brokers or data collectors, and requires notification of a possible breach within 24 hours.

Disposal of Records: What the Law Says
“A business may not discard a record containing personal information unless it:

Shreds the customer’s record before discarding the record;
Erases the personal information contained in the customer’s record before discarding the record;
Modifies the customer’s record to make the personal information unreadable before discarding the record; or
Takes actions that it reasonably believes will ensure that no unauthorized person will have access to the personal information contained in the customer’s record for the period between the record’s disposal and the record’s destruction.”
Violations can lead to fines of up to $500 for each record, up to a maximum of $10,000.

What You Can Do
The best thing you can do is to have systems in place to stop security breaches before they occur – including the secure storage and proper destruction of paper and electronic records. A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Georgia institute programs designed to comply with state and federal regulations.

Kentucky

Kentucky enacted its Customer Records Destruction Law in 2005, covering the requirements for businesses related to the proper disposal of customer information. As the state attorney general’s office states:

“Some identity thieves get key pieces of personally identifying information from trash bins or other discarded business records that have not been shredded or otherwise made unreadable, in order to commit frauds or crimes in another’s name… Proper destruction of records containing personal information will go far to protect individuals from identity theft.”

Disposal of Records: What the Law Says
“When a business disposes of, other than by storage, any customer’s records that are not required to be retained, the business shall take reasonable steps to destroy, or arrange for the destruction of, that portion of the records containing personally identifiable information by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or indecipherable through any means.” Note that “records” means “any material, regardless of the physical form, on which information is recorded or preserved by any means, including in written or spoken words, graphically depicted, printed, or electromagnetically transmitted.”

Customers who feel they have been injured by a violation can bring a civil action to recover damages.

What You Can Do
The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information do you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it.
    1. Properly dispose of what you no longer need. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Kentucky institute programs designed to comply with state and federal regulations.

Louisiana

Document Destruction Compliance
Louisiana’s Database Security Breach Notification Law was enacted in 2005 and became effective on January 1, 2006. It includes the requirements for notifying customers in case a business suffers a breach in data security.

Breach of Security: What the Law Says
“Any person that conducts business in the state or that owns or licenses computerized data that includes personal information, or any agency that owns or licenses computerized data that includes personal information, shall, following discovery of a breach in the security of the system containing such data, notify any resident of the state whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”

The law also applies to individuals or businesses that maintain data for others, and in all cases requires notification of the owner of the data “in the most expedient time possible and without unreasonable delay.” Violations can result in civil action “to recover actual damages resulting from the failure to disclose in a timely manner to a person that there has been a breach of the security system resulting in the disclosure of a person’s personal information.”

What You Can Do
The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information do you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it. Properly dispose of what you no longer need.
    1. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Louisiana institute programs designed to comply with state and federal regulations.

Mississippi

Document Destruction Compliance
Mississippi has one of the newest data security laws in the nation; HB 583 went into effect in the summer of 2011. It spells out the requirements for notification of customers in case a business suffers a breach in data security.

Breach of Security: What the Law Says
“A person who conducts business in this state shall disclose any breach of security to all affected individuals.” A breach of security “means unauthorized acquisition of electronic files, media, databases or computerized data containing personal information of any resident of this state when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable.” Disclosure is required “without unreasonable delay.” The law also applies to individuals who maintain data for others, and requires notification of the owner of the data “as soon as practicable” following discovery of a possible breach. “Failure to comply with the requirements of this section shall constitute an unfair trade practice and shall be enforced by the Attorney General.”

What You Can Do
The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information do you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it. Properly dispose of what you no longer need.
    1. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Mississippi institute programs designed to comply with state and federal regulations.

North Carolina

Shredding Compliance
North Carolina’s Identity Theft Protection Act, enacted in 2005 and amended in 2007, includes statutes covering both the “destruction of personal information records” and “protection from security breaches.”

Breach of Security: What the Law Says
“Any business that owns or licenses personal information of residents of North Carolina or any business that conducts business in North Carolina that owns or licenses personal information in any form (whether computerized, paper, or otherwise) shall provide notice to the affected person that there has been a security breach following discovery or notification of the breach.” Notification is to be made without unreasonable delay.
The law also applies to businesses that “maintain or possess” personal information of North Carolina residents, and requires notification of the owner of the data “immediately following discovery of the breach.” Note that North Carolina law specifically refers to both electronic and paper records.

Disposal of Records: What the Law Says
“Any business that conducts business in North Carolina and any business that maintains or otherwise possesses personal information of a resident of North Carolina must take reasonable measures to protect against unauthorized access to or use of the information in connection with or after its disposal.

The reasonable measures must include:

  1. Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing personal information so that information cannot be practicably read or reconstructed.
  2. Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media and other non-paper media containing personal information so that the information cannot practicably be read or reconstructed. Describing procedures relating to the adequate destruction or proper disposal of personal records as official policy in the writings of the business entity.”
  3. Businesses are authorized to work with an outside party “engaged in the business of record destruction to destroy personal information in a manner consistent with this section.”

Violations are subject to civil action; damages can be tripled if “the business was negligent in the training, supervision, or monitoring of those employees” responsible.

What You Can Do
The best thing you can do is to have systems in place to stop security breaches before they occur – including the secure storage and proper destruction of paper and electronic records.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in North Carolina institute programs designed to comply with state and federal regulations.

Oklahoma

Compliance
Oklahoma enacted a Security Breach Notification Act in 2008, expanding on a much narrower 2006 law that covered only state government agencies. The 2008 statute spells out the requirements for notification of customers in case a business in the state suffers a breach in data security.

Breach of Security: What the Law Says
“An individual or entity that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of this state whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person and that causes, or the individual or entity reasonably believes has caused or will cause, identity theft or other fraud to any resident of this state.” Disclosure is required “without unreasonable delay.”

The law also applies to those who maintain data for others, and requires notification of the owner of the data “as soon as practicable” following discovery of a possible breach.

Violations may lead to action by the attorney general or a district attorney, seeking “actual damages for a violation of this act or a civil penalty not to exceed One Hundred Fifty Thousand Dollars ($150,000.00) per breach of the security of the system or series of breaches of a similar nature that are discovered in a single investigation.”

What You Can Do
The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information do you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it. Properly dispose of what you no longer need.
    1. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents. A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Oklahoma institute programs designed to comply with state and federal regulations.

South Carolina

State Compliance Information
South Carolina enacted the Financial Identity Fraud and Identity Theft Protection Act in 2008, with the security breach provisions going into effect in 2009. The act includes the requirements for notifying customers in case a business in the state suffers a breach in data security.

Breach of Security: What the Law Says
“A person conducting business in this State, and owning or licensing computerized data or other data that includes personal identifying information, shall disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of this State whose personal identifying information that was not rendered unusable through encryption, redaction, or other methods was, or is reasonably believed to have been, acquired by an unauthorized person when the illegal use of the information has occurred or is reasonably likely to occur or use of the information creates a material risk of harm to the resident.” Disclosure is required “in the most expedient time possible and without unreasonable delay.”

The law also applies to individuals who maintain data for others, and requires notification of the owner of the data “immediately following discovery” of a possible breach.

Violations can lead to civil action by any “resident of this State who is injured by a violation.” In addition, anyone “who knowingly and willfully [sic] violates this section is subject to an administrative fine in the amount of one thousand dollars for each resident whose information was accessible by reason of the breach.”

What You Can Do

The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information do you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it. Properly dispose of what you no longer need.
    1. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in South Carolina institute programs designed to comply with state and federal regulations.

Tennessee

Document Destruction Compliance
Tennessee enacted the Identity Theft Deterrence Act of 1999, amending the Tennessee Consumer Protection Act of 1977. The updated act included a section listing the requirements for notification of customers in case a person or company doing business in the state suffers a breach

Breach of Security: What the Law Says
“Any information holder shall disclose any breach of the security of the system, following discovery or notification of the breach in the security of the data, to any resident of Tennessee whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” Notification is required “in the most expedient time possible and without unreasonable delay.”

The law also applies to those who hold data for others, and requires disclosure to the owner of the data “immediately following discovery” of a possible breach.

Violations are subject to civil action by anyone “who is injured by a violation” to recover damages.

What You Can Do
The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information do you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it. Properly dispose of what you no longer need.
    1. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Tennessee institute programs designed to comply with state and federal regulations.

Texas

Compliance
In 2009, Texas instituted regulations governing the Disposal of Certain Business Records and enacted the Identity Theft Enforcement and Protection Act. Between them, they cover the destruction of customer records by businesses, and the requirements for notification in case a security breach does occur.

Breach of Security: What the Law Says
“A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, after discovering or receiving notification of the breach, to any resident of this state whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” Notification is required “as quickly as possible.”

The law also applies to individuals who maintain records for someone else, and requires notification of the owner of the data “immediately after discovering the breach.”
Violations are subject to fines of at least $2,000 and up to $50,000 each.

Disposal of Records: What the Law Says
“(b) When a business disposes of a business record that contains personal identifying information of a customer of the business, the business shall modify, by shredding, erasing, or other means, the personal identifying information so as to make the information unreadable or undecipherable.
(c) A business is considered to comply with Subsection (b) if the business contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the business in accordance with that subsection.
Failure to comply can result in fines of up to $500 per business record.”

What You Can Do
The best thing you can do is to have systems in place to stop security breaches before they occur – including the secure storage and proper destruction of paper and electronic records.
A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Texas institute programs designed to comply with state and federal regulations.

Virginia

Document Shredding Compliance
Virginia enacted a law covering Breach of Personal Information Notification in 2008; in 2011 an additional statute specifically related to medical information went into effect. The 2008 law includes requirements for notification of customers in case a person or company doing business in the state suffers a breach in data security.

Breach of Security: What the Law Says
“If unencrypted or unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person and causes, or the individual or entity reasonably believes has caused or will cause, identity theft or another fraud to any resident of the Commonwealth, an individual or entity that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to the Office of the attorney general and any affected resident of the Commonwealth without unreasonable delay.”

The law also applies to those who maintain data for others, and requires notification “without unreasonable delay” following discovery of a possible breach.

Violations may lead to action by the attorney general, including “a civil penalty not to exceed $150,000 per breach of the security of the system or a series of breaches of a similar nature that are discovered in a single investigation.” In addition, “Nothing in this section shall limit an individual from recovering direct economic damages.”

What You Can Do
The best thing you can do is to have a system in place to stop security breaches before they occur.

The Federal Trade Commission offers the following checklist:

  1. Take stock. Know what personal information you have in your files and on your computers.
    1. What kind of information do you collect? Where do you keep the information? Who has – or could have – access to the information?
  2. Scale down. Keep only what you need for your business.
    1. If you don’t have a legitimate business need for sensitive personally identifying information, don’t keep it. In fact, don’t even collect it.
  3. Lock it. Protect the information that you keep.
    1. Many data compromises happen the old-fashioned way – through lost or stolen paper documents. Often, the best defense is a locked door or an alert employee. Store paper documents or files… in a locked room or in a locked file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
  4. Pitch it. Properly dispose of what you no longer need.
    1. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts or papers or CDs with personally identifying information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. By properly disposing of sensitive information, you ensure that it cannot be read or reconstructed.
  5. Plan ahead.
    1. Create a plan to respond to security incidents.

A Shred Ahead handles both the shredding of paper documents and the secure destruction of computer disks. We help companies doing business in Virginia institute programs designed to comply with state and federal regulations.


Federal Laws

“According to a report of the President’s Identity Theft Task Force, identity theft (a fraud attempted or committed using identifying information of another person without authority), results in billions of dollars in losses each year to individuals and businesses.”

—The Federal Trade Commission (FTC)

Here are details on the current federal data security laws we’ll help you navigate:

Let’s get started!

Get Your Free Quote