Common Misconceptions about Shredding

A man is standing with one hand on his hip and the other hand palm-up with a look of revelation on his face.One of the best ways to protect the information your business generates is to shred it. However, there are several misconceptions about shredding that need to be addressed. In this article, we clear up these misunderstandings in a Q & A with multiple-choice answers. Go ahead and test yourself! We promise there are no trick questions.

You are required to shred your documents if…

a) Your business is in your home.
b) Your business has 10 employees or less.
c) You generate or manage medical information.
d) None of the above.

The correct answer is d) None of the above. The law only states that you must destroy the information, and shredding is the preferred method of all types of organizations, in all industries around the world.

Regardless of your business location or size, if you collect, generate, store, and use Personally Identifiable Information (PII), you are not exempt. Laws such as FACTAHIPAA, and GLBA state that your business is obligated to destroy PII when its lifecycle is complete. This includes both paper documents and electronic devices that store information.

What is the required size of shredded documents?

a) Strips of no more than 7/32” in width.
b) Cross- or particle-cut strips of less than ½”.
c) The law does not specify a shred size.
d) Shred size doesn’t matter as long as pierce-and-tear shredding is used.

The correct answer is c) The law does not specify a shred size. That’s right! No law specifies a required size of shredding. As long as it can’t be read or reconstructed, your information destruction method is compliant with data privacy laws.

No one will look through your trash or recycling bin. Criminals are only interested in digital information these days.

a) True
b) False

The correct answers is b) False. Professional dumpster divers are actively looking for confidential information. These individuals are highly skilled at sifting through any type of refuse to retrieve valuable information. Merely tearing up your papers is not a deterrent. Once you have disposed of your trash, it becomes public property according to the government. Identity theft is illegal, of course, but criminals don’t care about the law. However, if your information hasn’t been properly destroyed and someone steals and uses it, you are legally fully responsible and liable.

The good thing about saving your records is:

a) You avoid the cost of shredding them.
b) You always have records should you need to reference them.
c) Both of the above are true.
d) Saving your records indefinitely is not a good idea.

The correct answers is dSaving your records indefinitely is not a good idea. Although saving your records indefinitely may seem advantageous, let’s examine the reality.

Unless you are required to save records for specific purposes, such as deeds and identity certificates, you should never save them indefinitely. There are specific retention periods mandated by law for each type of record. Information must not be discarded before its retention date, but it must never be saved beyond that date either. Saving information unnecessarily puts it at risk of being lost or stolen, and if an investigation or legal action is initiated, all existing information is discoverable. Conversely, if an active investigation or legal action is dependent on that information, it must not be destroyed.

Is buying a shredding machine a cost-effective way to shred business documents?

a) No
b) Yes, if your employees are trained in privacy law compliance.
c) Yes, always.
d) Yes, as long as employees don’t spend too much time shredding.

The correct answer is a) No. In-house shredding is not a cost-effective option. Although it is often assumed that shredding your own documents is a cheaper option, there are additional expenses to consider, such as paying skilled employees to feed, clear, and empty the shredder rather than focusing on their core tasks.

Furthermore, DIY shredding does not provide you with a Certificate of Destruction to prove your compliance with data privacy laws. It is also essential to consider the risk associated with discarding information that could be used illegally and the cost of bad press, loss of trust with clients, or potential fines or legal action.

We can toss our shredded paper in the recycling bin or dumpster to help the environment.

a) True
b) False

The correct answer is b) False. While many curbside recycling programs do not accept shredded paper in their standard recycling stream, professional shredding companies have the means and ability to process and bale their shredded paper to meet recycling requirements.

By engaging a professional shredding company that recycles 100% of its shredded paper, you can be sure that all of your shredded paper will stay out of landfills and be recycled into new products.

Does the law require that someone witnesses the document shredding process?

a) Yes, an authorized company representative must witness every shredding project.
b) Only HIPAA-covered entities must witness shredding.
c) No, witnessing shredding is not required by law.
d) No, shredding must be done without witnesses to ensure data security.

The correct answer is c) No, witnessing shredding is not required by law. While mobile on-site shredding allows you to witness the process if you prefer, the law does not require it. It is wise to use the services of a professional shredding company that has screened and trained trustworthy staff so you do not feel obligated to witness the shredding process each time. The Certificate of Destruction provided by your shredding company serves as your legal proof properly destroyed according to data privacy laws.

Are all shredding companies the same?

a) Yes, there are no real differences between shredding companies.
b) No, they differ wildly from unsecure fly-by-night to the highest-security, NAID AAA Certified.
c) There are minor differences between shredding companies, so choose what works best for you.
d) None of the above.

The correct answer is b) No, they differ wildly from unsecure fly-by-night to the highest-security, NAID AAA Certified. It is up to you to ensure that you choose a reputable, secure shredding company because regardless of the company you choose, you are still responsible for the privacy and security of the information.

The best way to ensure the highest security standards and compliance with legal requirements—verified by regular, surprise audits conducted by an independent, third party— is to choose a company that is NAID AAA Certified.

CI Information Management is a trusted and proven NAID AAA Certified shredding company that offers on-site mobile shredding at your location. We provide a secure chain of custody from the supplied shredding collection containers to a Certificate of Destruction upon completion of the process. If you have any questions or need clarification on any other shredding misconceptions, please call us at 509-586-6090 or complete the form on this page.