Who Is Looking after Your Information?

Utilizing individuals’ information is a standard practice for any business. But it is crucial that the information you have is handled properly. Properly looking after that information requires that it be in the right hands. Here are some key information handling procedures to consider:

Information Processing

The information that you generate, utilize, and retain in your possession must be closely monitored from the moment it is created until it is properly disposed of. This lifecycle is known as “cradle to grave.” The Privacy Act of 1974 indicates that your company is responsible for the mishandling of Personally Identifiable Information (PII). PII includes:

  • person’s name
  • address
  • email address
  • social security number
  • passport number
  • driver license number
  • credit card number
  • date of birth
  • telephone number
  • vehicle ID number or license plate

Personal Health Information (PHI) is regulated by the Health Insurance Portability and Accountability Act (HIPAA), which protects health-related personal information. PHI includes:

  • Health records and histories
  • Lab test results
  • Many other health-related details and identifiers belonging to individuals

Financial information is protected by the Gramm-Leach-Bliley Act (GLBA), and educational information is protected by the Family Educational Rights and Privacy Act (FERPA).

So, who is looking after this information for you?

Information Management


Where are your records stored that are no longer being used? Are they easily accessible? Are they protected from security breach, fire, flood, rodents, insects, or any other elements?


Is your information protected whether it is in paper or digital format? Is there a dedicated storage room, staff or cameras protecting the data and equipment? Is your information protected from hackers, malware, ransomware, and viruses?


Is your information backed up securely and on a regular basis in the event that the original is lost or damaged?

Information Destruction

The information that you are responsible for eventually must be destroyed properly, in accordance with legal requirements.

Retention Dates

All records have a lifecycle, and some records don’t have a final disposition date—they must be retained indefinitely. The Sarbanes-Oxley Act (SOX) sets the minimum retention time prior to shredding of documents. Because sensitive information must be held in secure confidence, it should never be held longer than necessary. Digital information must be erased completely, and paper documents must be destroyed to be unreadable.

Chain of Custody

Has your information been properly tracked from beginning to end? In the event of an audit, could all records be accounted for whether they still exist or have been destroyed? Maintaining a chain of custody for your records is critical.


When your information needs to be destroyed, is it properly shredded with proof supplied by a Certificate of Destruction? The Fair and Accurate Credit Transactions Act (FACTA) holds companies responsible for improperly disposing of sensitive documents. Paper documents must be destroyed so that they can no longer be reassembled or read, and old drives must be shredded so that information cannot be retrieved. The Computer Fraud and Abuse Act (CFAA) explains how the disposal of digital information must be legally handled.

These requirements for looking after information are the perfect job description for a legally compliant records management and NAID AAA Certified shredding company. CI Information Management, located in Kennewick, WA, is the perfect solution to handling your sensitive information from “cradle to grave” with full-service Records Storage and Shredding. Give us a call at 509-586-6090 or complete the form on this page.