Why Shred?

Protect your company’s, employee’s, and client’s information.

Two Most Common MYTHs About Outsourcing Your Shredding

Myth:
Outsourcing is more expensive than shredding ourselves.

Truth:

The only way that having your own shredder is less expensive is if your employees don’t use it.  When your company destroys everything that it should, it is far less expensive to outsource than to shred it yourself.

Myth:
We do not have enough material to warrant a shredding service.

Truth:

An office with just a few employees can generate over 100 pounds of paper every month. That means many hours spent feeding a few sheets at a time into a small office shredder. It is far more secure, economical and convenient to collect these materials in a security container than for you to try to keep up with it.

So Why Shred to Begin With?

In today’s environment it is more important than ever to protect your company’s, employee’s and client’s information. The courts have ruled that once you place your material into a trashcan, recycling receptacle, or dumpster, you lose all privacy rights to that information, no matter how sensitive or proprietary it is – even if it’s is your trashcan. The laws on public domain protect the people taking the information – NOT YOU! You may even be held liable for negligence if the discarded material does harm to someone. SHRED with Greenway Shredding & Recycling FOR SAFETY! With the development of the Health Information Portability and Accountability Act of 1996 (HIPAA), and the Gramm-Leach-Bliley Act of 1999 (GLBA), and The Fair and Accurate Credit Transaction Act of 2003 (FACTA) shredding of documents has become the recommended method for the handling of sensitive documentation.

The Law

Your Organization must comply with laws and regulations, requiring that it protect certain information when it is discarded.

An increasing number of laws actually require organizations to shred or face steep fines.

Your Customers

Whether your customers are consumers concerned about Identity Theft and Privacy, or companies concerned with protecting trade information, you are entrusted with information that they consider to be extremely confidential.

In fact, whether you know it or not, you have an “implied contract” to protect that information simply based on the fact that you are collecting the data to conduct business.

They have the legal right to expect you to take every precaution to protect it, including shredding it before it is discarded.

Your Public Image

Dumpster diving has become Investigative Journalism 101. With all the privacy compliance laws, it is the first place reporters look when trying to grab a quick headline.

Privacy is the newest consumer awareness issue. Confidential information in your dumpster is an easy source for sensational headlines – and of course, criminals.

Your Employees

Employees (past & present) have a legal right to have their personal information protected by shredding before it is discarded.

Insurance records, employment applications, time cards, health records, accident reports and attendance records are examples of information that legally must be protected.

Corporate Ethics

In this day and age, it is very important that your organization exhibits the highest ethical standards.

Casually discarding company information, whether in the form of an individual’s personal information, or company trade information, shows a disregard for customer and shareholder welfare. It exposes customers to the threat of identity theft and other fraud. It also risks your company losing its trade secret protections in court.

Trade Rights

The Courts have demonstrated many times that they will not recognize trade information protections if a company doesn’t take every step to protect the information themselves. Casual disposal of information have been the bases for courts to deny trade information rights, which otherwise would have been enforceable.

The US Supreme Court has ruled that you forfeit the right of ownership to discarded information.

Shred for Healthcare Compliance

You’re already familiar with HIPAA and why your patients’ protected health information must be kept private. But with the HITECH Act, authorities are increasing their enforcement of HIPAA and imposing expensive case-by-case penalties for willful neglect. It is crucial to be sure that the company you choose to shred your confidential medical information is secure – and helps you comply wit the latest legislation.

Regulatory authorities enforcing the HITECH Act are becoming more proactive. Fines and penalties have increase since 2009, and are expected to climb. Check our the examples and recent findings about patient privacy in the U.S.:

  • In February of 2011, a Maryland healthcare provider was fined $4.3 million for violations to the HIPAA Privacy Rule.
  • A large insurance provider in Connecticut paid $250,000 for waiting more than six months to notify 500,000 patients that their unencrypted personal health information (PHI) was on a missing disk drive.
  • The average cost of a data breach per hospital is $2 million.
  • 60% of hospitals in the U.S. have suffered at least two breaches.
  • The average number of lost or stolen patient records per data breach is 1,769.

Think about it. If secure document destruction isn’t your current shredding provider’s core competency, your patients’ information is at risk.

  • Shredding service providers that offer multiple services are primarily concerned with service logistics and cost efficiencies.
  • Service can be compromised when you vendor has to outsource the work to service all your locations.
  • Many vendors can’t guarantee a secure chain of custody, or provide a certificate of destruction.
  • Their employees may have little or no training, because they have to perform many services in addition to document destruction.
  • A multi-service provider won’t have the training and expertise to advise you on the best practices, or keep you up-to-date on changes in legislation.

Headlines Plucked From The News & The Dumpster!

  • A Michigan hospital operator is fined $1 million for disposing of patient information without the proper security measures in place. (reported by the Detroit Free Press on 10/1/2007)
  • The Attorney General of Kentucky conducted an investigation showing that 33 out of 121 dumpsters of local businesses contained more than 500 records containing personal information. (reported by Lexington, KY based, WTVQ on 10/30/2007)
  • The US Federal Trade Commission fined a medium sized mortgage brokerage company $50,000 for discarding client financial information without properly destroying it first. (reported by www.ftc.gov on 12/8/2007)
  • The Attorney General of Texas filed charges against a medical facility for discarding patient information without properly destroying it first. According to reports, the fines could reach over $1 million. (reported by Lubbock Avalanche Journal, 1/11/2008
  • Indiana’s Attorney General filed complaints on 8/31/2007 with the Indiana Pharmacy Board against 14 Indianapolis area pharmacies and 14 individual pharmacists for failing to protect sensitive patient information that was put in dumpsters prior to being destroyed. (reported by legalnews.com on 9/20/2007)
  • Ohio’s Attorney General brought charges against a small mortgage company and its owner for abandoning personal financial information about its customers. The suit could result in loss of a business license and civil penalties, including all court costs and legal fees. (reported on the website of the Ohio Attorney General on 12/7/2007)

Important Links:

HIPAA:  http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html

GLBA:    http://www.ftc.gov/privacy/glbact/glboutline.htm

FACTA:   http://www.ftc.gov/opa/2004/06/factaidt.shtm

List of industries that need shredding and recycling services.
Continued list of industries that need shredding services.