I heard a radio announcement last Friday about a non-profit organization that was sponsoring a Shred Fest at the local mall on Saturday morning. Local events like this can be an easy, free and legal way for a small business to dispose of a limited quantity of sensitive documents.
I already had thousands of client records, containing Social Security Numbers, dates of birth, and bank or credit card account numbers, which I recently purged from our files and packed into a carton.
A federal law went into effect four years ago. The Disposal Rule requires businesses and individuals that possess sensitive consumer information for a business purpose to dispose of the records properly.
This law, enforced by the FTC, is one of several privacy and information security regulations under the Fair and Accurate Credit Transactions (FACT) Act of 2003. The Disposal Rule requires secure storage, a written policy and procedures, employee training and proper disposal by shredding, pulverizing or incineration.
Improperly secured and disposed paper documents can be a source of personally identifiable information (PII) that identity thieves can use in countless and ingenious ways to commit fraud and unintentionally ruin the lives of victims.
If your business facilitates the crime through negligent handling of paper documents, you and your business can be severely punished under the law and sued by the victims. Some states have enacted tougher disposal and security laws, which apply to any business that has customers in their state.
I maintain few customer records containing personally identifiable information and account numbers in my office. The few paper documents I maintain are locked up. I purge and destroy them after a certain period of time, after an application is processed or when an account is terminated. This occasional document destruction can be handled with an inexpensive paper shredder. However, the initial “Spring Cleaning” may generate boxes of documents, which may require a document destruction vendor.
When business records are available online, there is no need for a business to maintain duplicate paper records. For example, credit card transactions are maintained by my merchant provider. I provide specialized insurance services, and the insurers I represent already maintain a secure electronic database of imaged documents and online transactions. There are few occasions where my business needs to be the custodian of records.
Do not maintain consumer, business or personal records unnecessarily. Never collect sensitive information that is not necessary to conduct business. Maintaining unnecessary information is a risk and potential liability to you and your business.
When I disposed of our business records at the Shred Fest on Saturday, I watched 55 pounds of customer applications and statements whiz into confetti. I asked a volunteer, “Are you doing this again soon?” She said no, but next Saturday one of the local financial institutions is having a Shred Fest.
When I returned home, I packed 25 years' worth of personal and business tax records into three boxes—ready to go from liability to confetti next Saturday.