Shred America | Shredding Industry Knowledge

Every business generates documents that contain sensitive information, but knowing how long to keep those records can be just as important as knowing when to securely destroy them. Retention requirements vary by industry, and holding onto documents longer than necessary can increase security risks and storage costs.

Improper document disposal can have serious consequences for businesses of all sizes. From customer records to employee files, sensitive information that ends up in the wrong hands can lead to costly lawsuits, regulatory fines, and long-term damage to a company’s reputation.

Educational institutions are responsible for protecting sensitive student information under theFamily Educational Rights and Privacy Act(FERPA). This federal law safeguards student education records and requires schools to take appropriate steps to prevent unauthorized access—including when records are no longer needed.

In today’s data-driven world, simply deleting files from a hard drive doesn’t guarantee that sensitive information is gone for good. For businesses handling confidential data, understanding proper destruction methods isn’t just best practice—it’s a compliance necessity.

When it comes to protecting sensitive information, businesses face critical decisions about how to handle document disposal. Two common approaches arescheduled shreddingandone-time purges. While both methods aim to securely destroy confidential data, they differ significantly in compliance risk and audit defensibility.

The Fair and Accurate Credit Transactions Act (FACTA) Disposal Rule is designed to reduce the risk of identity theft by requiring businesses to properly dispose of sensitive consumer information. But what exactly falls under this requirement—and who needs to comply?

When choosing a document destruction provider, you’ve probably seen the termNAID AAA Certified— but what does that really mean beyond a logo on a website?

Tax season increases the volume of highly sensitive documents moving through your business, and unfortunately, it also increases the risk of identity theft.

W-2s, 1099s, payroll reports, and draft tax returns contain confidential financial and personal data. If these documents are improperly discarded, they can quickly become tools for fraud.

Secure destruction is not optional — it’s a critical part of compliance and risk management.

Everyone knows that April 15 is the final day to file taxes. Sure, some years it falls on a weekend or holiday, but ask any working adult, and April 15 means one thing. It is D-day, or rather T-day, and everybody knows it.

Shred America: Your Compliance Partner
At present, there are six federal data protection regulations, all of which have very specific requirements for vendor selection, breach notification, and information disposal. Adding to the complexity, virtually every state has one or more data protection regulations, many with unique requirements related to people's rights. These new state laws don’t just apply to organizations located in the state, but to any organization doing business there no matter where they are located. 

January & February: Start the Year with an Easy Win!

At a time when protecting information is more important than ever, ensuring its security
is a gift organizations give themselves, their customers, their stakeholders, and their
employees. Here at Shred America, we are both humbled and proud to help our clients
consistently deliver on those commitments.

Every year, we set aside November 11 as the day we formally celebrate and honor the vital contribution of our military veterans. Here at Shred America, we not only want to join in that celebration, but explain how our dedication to veterans and the values they represent benefit both our company and our clients.

How Shred America Helps Clients Fulfill ESG Commitments

How Shred America’s global approach to compliance helps major corporations live up to their compliance claims.
_______
Question: What do the following US corporations have in common?
Airbnb, Adobe, Amazon, American Express, Apple, AT&T, Boeing, Chevron, Citibank,
Cisco, Coca-Cola, Dell Technologies, Dropbox, eBay, ExxonMobil, Ford, General
Motors, Goldman Sachs, Alphabet, HP Inc., IBM, Intel, Johnson & Johnson, JP Morgan
Chase, LinkedIn, Mastercard, Meta , Microsoft, Netflix, Oracle, PayPal, PepsiCo,
Pinterest, Procter & Gamble, Qualcomm, Red Hat, Salesforce, Snap Inc., Spotify,
Stripe, Tesla, X, Uber, Verizon, Visa, Walmart, Zoom.

Why and How Shred America is Responding to New State Privacy Regulations

Shred America’s clients are rightfully focused on their core competencies. That’s how it's supposed to be. All organizations should be.

Our focus at Shred America is on providing state-of-the-art, compliant, secure data destruction services, which, from our point of view, includes staying on top of relevant, changing regulatory requirements. Not only is this integral to our ability to provide compliant services, but it also means our clients don’t have to worry about it. When it comes to the secure disposal of sensitive information and regulatory compliance, it is our job to keep our clients informed, not the other way around.

Almost overnight, as regulations go, nineteen states have enacted new data protection and privacy regulations that grant individuals (data subjects) control over their personal information and impose a number of new obligations on the businesses to whom they have entrusted it. This trend has such momentum that we expect every state to follow suit in short order.

Our first response to any new data-related regulation is to evaluate its impact on our compliance and how we interact with our clients.  More broadly, we also look to how it impacts our clients’ overall compliance. This latter consideration extends beyond data destruction and allows us to advise clients more generally to keep them on the right side of things. Of course, this is only possible because Shred America closely tracks regulatory changes and has the acumen and credentials to meaningfully conduct such evaluations and provide such advice.

For Shred America, the response to new state regulations required that we modify our public-facing privacy policy and our operational (processing) policies to acknowledge and cooperate with clients’ new data subject rights obligations. Secondly, it required that we execute the Data Processing Agreement (DPA) with all our affected (state-specific) subcontractors. The DPA, which ensures processors assistance in providing data subject rights, is a specific new requirement (not unlike HIPAA’s business association agreement).

For our clients and prospects, depending on the states in which they operate, their size, and the nature of their business, Shred America’s is actively offering tools, such as a sample DPA, which is now required of all their data processors, and is offering to answer any questions and help them determine how to prepare for all their new obligations and the fulfillment of new data subject rights.

Is this above and beyond our duty to our clients? Clearly, we don’t think so. We believe our clients and prospects should expect no less.

Contact Shred America today. We’d love to answer your questions and explain how we can help.
________

New State-Level Privacy Regulations

The California Consumer Privacy Act, as amended by the California Privacy Rights Act
Colorado Privacy Act
Connecticut Data Privacy Act
Delaware Personal Data Privacy Act
The Indiana Consumer Data Protection Act
Iowa Consumer Data Protection Act
The Kentucky Consumer Data Protection Act
Maryland Online Data Privacy Act
Minnesota Consumer Data Privacy Act
Montana Consumer Data Privacy Act
Nebraska Data Privacy Act
New Hampshire Senate Bill 255
New Jersey Senate Bill 332
Oregon Consumer Privacy Act
Rhode Island Data Transparency and Privacy Protection Act
Tennessee Information Protection Act
Texas Data Privacy and Security Act
Utah Consumer Privacy Act
Virginia Consumer Data Protection Act