tl;dr
With identity theft and financial fraud on the rise, proper security protocols are more important than ever for your business. Document destruction is one of the most secure means of preventing your information from falling into the wrong hands. However, appropriate document destruction requires a basic understanding of how the different types of document destruction relate to the security of your personal and company information.
Current Risks
Since 1988's California v. Greenwood court decision, trash has been designated as public property. Originally, the Supreme Court's decision was designed to allow for the warrantless search and seizure of discarded property based on the idea that the Fourth Amendment could not reasonably be understood to refer to garbage. However, in reality, the decision has done as much to help criminal investigations as it has to enable financial criminals, as they can now legally use your garbage as a legal pathway to gaining access to your personal information. In fact, it is now estimated that 20% of all data breaches can be traced back to paper sources. This is one of many reasons for the federal laws put in place to protect consumer data, including: HIPAA, FACTA, and GLBA.
Despite the reality of the risks, many companies have failed to implement sufficient security procedures. One survey of seventy-one British commercial organizations revealed that a large percentage of them disposed of sensitive documents without any form of shredding. 45% of them disposed of blank letterhead, 24% disposed of director's signatures, 44% disposed of complete invoices, and 20% disposed of company bank account information. There is little evidence to suggest American corporations are any more vigilant. To prevent this sort of gross negligence, the Federal Trade Commission has compiled a list of what documents should be kept and which documents should be shredded. If you are unfamiliar with how long you should save particular documents, then review the FTC's comprehensive breakdown here.
Reviewing the FTC's discussion of the topic will give you a general idea of what documents should always be shredded. However, even documents containing partial information can put you at risk, as partial numbers from various sources can help a potential thief. It may surprise you that junk mail is actually one of the richest sources for compiling partial data. With the United States Postal Service delivering over 187 million pieces of mail a day, there is every chance for industrious thieves to use the partial information and the barcodes often found on junk mail to steal your identity and financial information.
Best Practices
Depending on the types of documents your company regularly handles, you will want to make sure you enlist a shredding service that offers the level of security and destruction you need. Levels of shredding are defined by the size of the particles left behind, ranging from P2 to P7, with P7 being the smallest particles and offering the most security. It is recommended that most businesses use a minimum of P3 or P4, which are HIPAA compliant, but P6 and P7 are required for high security government documents.
Additionally, it is highly recommended that you use a paper shredding service, as they are generally more cost effective and efficient. For the best security, a company should invest in using an on-site service, but off-site services can be secure and functional when properly audited. For this reason, several states and government agencies are required to use services certified by the National Association of Information Destruction.
The NAID ensures that regular audits are carried out at the document destruction facilities to check the service's compliance with HIPAA, FACTA, and GLBA. In addition, these audits check for Payment Card Industry (PCI) compliance. They require that all materials are destroyed to an extent that recovery is deemed impossible and that all storage containers for complete documents are properly secured, effectively preventing any form of interception prior to destruction. If you do not have a local NAID AAA certified service, then you should arrange to perform a pre-contract audit with the provision that you may audit the facility throughout the contract period.
Beyond Financial Security
In addition to providing your business with a higher level of financial security, properly shredding sensitive documents is key to maintaining a healthy relationship of trust with your employees as well as your clients. By taking the necessary steps to protect their information, your company is able to demonstrate its commitment to the safety of those it aims to serve. As an added bonus, shredded paper is also easier to recycle, which can help to give your company a "greener" look in a world that increasingly values businesses that try to do their part.
Ultimately, disposing of sensitive documents in a safe and ethical manner is best for everyone involved, as it protects all of your most valuable assets: your company's security and the faith of your consumer base. If you haven't already, it's time to find a local shredding service, so that you can start the transition towards better, more secure practices.