At A Shred Ahead, we strive to offer the best customer service in the industry. Let's answer all your questions!
Welcome to our frequently asked questions (FAQs) page! Here, we address all of the questions our customers ask us and many others. We encourage you to browse our FAQs below, and feel free to reach out to us or call us at (866) 933-7171 if you have questions that aren’t answered here!
Anyone dealing with corporate and customer files has to think about more than just storage and access: you also have to take into account increasingly stringent federal and state data privacy regulations. Concerns about privacy, security, and identity theft have led to a dramatic increase in laws related to data breaches and customer confidentiality, and they often call for severe fines or other penalties for noncompliance. It is the responsibility of business owners and managers to know the laws that apply to them, and put in place a document destruction program designed to ensure compliance.
No. Complying with regulations typically calls for document destruction, and simply discarding paper records leaves them — and you — open to the negative impacts of identity theft perpetrated by unscrupulous “dumpster divers.”
The Federal Trade Commission lists several examples of how information may be destroyed: businesses can, for instance, “burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed.” Based on these options, in just about all instances paper shredding will be the most convenient, cost effective, and environmentally sensitive alternative.
One of the disposal measures the Federal Trade Commission highlights is to “hire a document destruction contractor to dispose of material specifically identified as consumer report information.” The complexity of the regulatory landscape makes this an attractive option for many businesses, since it frees up valuable staff time while offering peace of mind that the documents are being properly destroyed.
Yes. In addition to compliance issues, a proactive approach to document destruction can keep valuable, sensitive information away from competitors. It can also be part of a comprehensive sustainability initiative: at A Shred Ahead, shredded material is sent to paper mills for use in recycled-content paper, which saves trees, water, electricity, and gasoline.
More than you might imagine. Everything from phone records and photographs to receipts and resumes: any papers and documents that contain sensitive information should be destroyed as soon as they are no longer needed for business reasons. The best way to protect your customers’ data and your organization’s reputation is to have a foolproof system in place for document destruction.
Yes. A report from Javelin Strategy and Research estimated that in 2012, 12 million adults in the United States were victims of identity theft, leading to overall losses of $21 billion.
No. According to the Better Business Bureau, despite fears of phishing and other online scams, “most ‘garden variety’ identity theft doesn’t involve cyberspace… most identity thieves still rely on tried-and-true methods to get their hands on your paper records — real documents that can serve as the basis for their dirty work.”
The Federal Trade Commission provides several publications with advice on dealing with and avoiding identity theft. At the top of the list? Shredding financial documents and paperwork.
FACTA is intended to help consumers and company employees combat fraud and identity theft. It includes extensive guidelines for how companies should deal with the sensitive information contained in credit reports. Noncompliance can result in fines and civil lawsuits.
Yes. If your work with customers or employees involves credit checks, FACTA applies to you. It is far reaching, covering everyone who uses “consumer reports” — which can include everything from credit reports to employment background checks to medical histories.
The Red Flags Rule associated with FACTA went into effect in January 2011. It calls for even more effort on the part of businesses, requiring them to put in place a written identity theft prevention plan.
That can be complicated. As with FACTA itself, the Red Flags Rule has implications for organizations of all sizes and kinds. Broadly, it covers two categories of businesses: “financial institutions” and “creditors.” Since the rule is relatively recent, there are no hard-and-fast guidelines for which businesses fall under the rule and which do not. It is best to consult an attorney for the most up-to-date information.
Yes. The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act, requires among many other things that banking and financial institutions throughout the US protect the confidentiality and security of consumer data.
The GLBA contains a Safeguards Rule, under which financial institutions must develop a written information security plan, covering everything from assessing risks to designing and monitoring a safeguards program.
Maybe. The GLBA pertains to all “financial institutions” in the US — and includes a very broad definition of the term financial institution. Data processors and mortgage brokers, for instance, are mentioned specifically, as are “retailers that issue credit cards to consumers.” Other covered groups can include professional tax preparers, courier services, credit reporting agencies, and ATM operators.
Yes. The Health Insurance Portability and Accountability Act (HIPAA) requires that healthcare organizations take responsibility for the secure electronic transmission of patient information and the secure storage and disposal of that information. These organizations are also responsible for putting in place appropriate safeguards and programs to protect individually identifiable health information.
The HIPAA Privacy Rule protects all “individually identifiable health information” held in any form or transmitted. This includes past, present, or future physical or mental health conditions and past, present, or future payment information.
Not so fast. In addition to covering health plans, healthcare clearinghouses, and health care providers, HIPAA also includes their business associates: “a person or organization… that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information.”
Quite a bit, depending on where you live. Many states have instituted their own efforts to increase consumer privacy and limit identity theft. This means that in many areas, businesses have an added incentive to make sure their computer disk and paper shredding is being handled promptly and properly.
Most states have laws covering breaches of security involving confidential information stored electronically, and some also refer to printed material. Some also have laws that target the destruction of sensitive documents. Document shredding is mentioned specifically within the statute itself as a means of secure destruction.
While regulations vary from state to state, they usually refer to personal information: an individual’s name and data such as Social Security number, driver’s license number, account number, credit or debit card number, and security code or password. For specific information regarding laws in your area, contact your state’s attorney general.
Most state laws make it the responsibility of the business owner or manager to inform state officials about a data breach involving personal information — or in some cases, even the possibility that a breach may have a occurred.
These laws are always open to amendment or change, and additional states may be considering the adoption of similar legislation. Contact your state’s Attorney General for current information.
Let’s get started!Get Your Free Quote
Web Design & Internet Marketing by Textivia