Important Things to Consider Regarding Shredding and Regulations
No matter what industry you’re in, there are laws and regulations that you must adhere to when it comes to how you manage, retain and dispose of sensitive documents. Understanding shredding and regulations is crucial because data destruction can greatly reduce the risk of sensitive information falling into the wrong hands. In addition, you need good policies and procedures in place to ensure data is protected throughout all parts of its life cycle.
Are you regularly shredding material?
Do you have a retention schedule?
Are sensitive documents secure while waiting to be destroyed?
If you outsource shredding, is your vendor NAID certified?
Are your policies communicated and understood by all employees?
Is the type of data you collect regulated by the government?
Your Partner in Data Security and Compliance
UV&S has invested time to remain informed of the laws and regulations regarding the destruction of information. Some of these regulations include HIPAA, GLBA, FACTA, SOX, HITECH, and the RED FLAG Rule. Our goal is to help you comply with the legislation that pertains to you. Most businesses are affected by some or all of these regulations. If you outsource, it’s very important to have a shredding vendor you can trust. Our policies have been created with these regulations in mind. And with the ever-changing regulatory environment, you want someone in your corner who is keeping up with the changes and implementing policies to help you remain compliant.
For our clients’ peace of mind and to keep industry best practices, we renew our NAID certification every year. The certification requires an audit of our security standards and our Policies and Procedures. As a result, you can be assured we are maintaining the highest levels of security.
Our procedures include:
– Documentation of the transfer of custody of the material we pick up.
– An Agreement of Service to record what we received, when we took custody, and how the material will be destroyed.
– Providing a contract that meets regulatory requirements.
– Executing a Business Associate Agreement when provided by the client. This document spells out our respective responsibilities and stipulates necessary compliance language to protect the reputation of your business.
What you can do – Shredding compliance begins with your Employees
Ensuring that confidential and sensitive information is handled properly from the time it’s recorded until it’s ultimately destroyed is vital to protecting your business. What employees do every day ultimately impacts whether or not you fully comply with the laws and regulations that govern your industry. Arm your employees with knowledge regarding the importance of compliance and how their actions impact the company. Then keep the subject of compliance fresh in your employees’ minds by creating a comprehensive training strategy.
The Key to Compliance
Compliance with regulations starts with policies and procedures. Your responsibility as the employer is to train employees to properly handle all confidential information. In order to do so, your employees need written guidelines and training to ensure compliance.
Information Security Matters – Shredding and Regulations
- Establish a corporate culture where every team member understands the importance of data protection.
- Designate a key member of your staff as a compliance officer with a set of rules and responsibilities that are clearly defined.
- Set up clearly defined guidelines regarding what documents and data must be retained, how they should be protected during retention and when they should be purged.
- Institute the right policies regarding paper document disposal, making it clear when documents should be shredded and when they can be placed in the recycling bin.
- Protect all types of electronic data that your company owns—from outdated VHS tapes to your brand new hard drives.
- Create a mandatory schedule for training and retraining your employees on your policies and procedures.
- Outline the steps that should be taken if an employee does not adhere to policies and procedures or if a data breach of any size occurs.
Contact us to learn how we can help you safely destroy your data.