Don't be a victim of Dumpster Divers and Identity Theft. If your information were to fall into the wrong hands, the results could be devastating.
Secure confidential destruction of documents and data has always been an integral part of a well-maintained information management program. Due to the increase in identity theft and the public's desire to protect their individual data, businesses are now required to demonstrate compliant destruction of information as mandated by ever-changing state, federal and international legislation.
Advanced Information Management (AIM) offers secure confidential destruction of documents and data. We can easily customize this to meet your organization's needs. At no charge, AIM will help evaluate your information destruction needs to assure you the most secure, cost-effective information destruction program. We provide businesses of all sizes with a simple, reliable and most importantly, secure method of ensuring the proper, legal and compliant destruction of confidential information.
Secure Confidential Destruction of Documents and Data Features:
- Complete document shredding and data destruction
- On-site placement and scheduled rotation of security consoles and bins
- Management of one-time purge and destruction of document and data
- Programs to ensure our clients meet regulatory compliance such as FACTA, HIPAA, Sarbanes-Oxley and Gramm-Leach-Bliley
- Highly-trained staff to ensure confidential and secure handling of records
- Records center destruction fulfillment to follow our clients' retention schedules and policies
- Certificate of Destruction provided for every destruction project
Step-By-Step Peace of Mind
- Step 1
An AIM Security Officer - uniformed, bonded and fully-insured - will pick up and securely transport your confidential information to our facility in Springdale, Arkansas. If you prefer, you can deliver your confidential materials to our facility and witness the destruction of your own records. - Step 2
The level of security at AIM is unmatched in Northwest Arkansas. All paper records and optical media, such as CDs and DVDs, are shredded into 1/2" strips. - Step 3
When we finish the destruction of your confidential information we send you a "Certificate of Destruction." This verifies that all information received has been destroyed in a confidential manner. - Step 4
Our document destruction process helps our environment by recycling our shredded paper. For each ton of shredded paper we recycle, we save 17 trees and reduce pollution released by the paper mills.
...We take care of everything!
WHY SHRED?
Facts about information disposal
It's the Law!
There are several laws that require businesses to destroy rather than simply discard information. These laws have been established in an effort to protect the privacy of patients and consumers. At the same time they serve to protect the businesses that serve them.
ARKANSAS:
Senate Bill 1167 went into effect 3/31/2005 with the following mandate:
"A business shall take all reasonable steps to destroy or arrange for the destruction of a customer's records within its custody or control containing personal information which is no longer to be retained by the business by (1) shredding, (2) erasing, or (3)..."
FEDERAL:
The Health Insurance Portability and Accountability Act (HIPAA) identifies protected health information and sets rules for the security and privacy of this information.
THE GRAMM-LEACH-BLILEY ACT
Places significant restrictions on the use of customer information by those in the financial industry (insurance, banks, securities, mortgage, escrow, lenders, etc.) Such financial institutions must disclose their privacy policies to their customers.
THE U.S. SUPREME COURT
Ruled (California vs. Greenwood) that "Dumpster Diving" is not illegal. "Dumpster Diving" is the predominate method of obtaining information by those involved in crimes related to:
- Identity Theft
- Telephone Fraud
- Computer Hackers
- Credit Card Fraud
- Industrial Espionage
- Customer Lists
- Invoices
- Accounting Information
- Cancelled and Blank Checks
- Credit Card Information
- Legal Contracts
- Personnel Records
- Tax Records
- Medical Records
- Applications for Employment
- Payroll Information
- Social Security Numbers
- Signatures
- Correspondence
- Customer Mailing Lists
- Budget Data
- Bank Statements
- Financial Reports
- Confidential Letters, Memos
- Research and Development Data
What to Shred!
Executive Level
- Strategic Reports
- Budgets
- Legal contracts
- Correspondence
- Payroll information
- Performance appraisals
- Applications
- Disciplinary reports and promotions
- Medical records
- Treatment programs
- New product information
- Reports
- Formulas, product plans and tests
- Specification drawings
- Payroll statements
- Budget schedules
- Internal reports
- Supplier information
- Customer lists
- Manuals
- Training information
- Activity sheets
- Contracts
- General service information
- Health and safety issues
- Appraisals, product testing, etc.
- Supplier records
- Supplier specifications
- Supplier purchase orders
- Supplier confidential information
- Corporate records
- Customer lists and contracts
- Strategies
- Advertising
- Activity sheets
- Training information
Every Business Has Information That Requires Destruction.
All businesses have occasion to discard confidential data. Customer lists, price lists, sales statistics, drafts of bids and correspondence, and even memos contain information about business activity which would interest any competitor. Every business is also entrusted with information that must be kept private. Employees and customers have the legal right to have this data protected.
Without the proper safeguards, information ends up in the dumpster where it is readily, and legally, available to anybody. The trash is considered by business espionage professionals as the single most available source of competitive and private information from the average business. Any establishment that discards private and proprietary data without the benefit of destruction, exposes itself to the risk of criminal and civil prosecution, as well as the costly loss of business.
Stored Records Should Be Destroyed On A Regular Schedule.
The period of time that business records are stored should be determined by a retention schedule that takes into consideration their useful value to the business and the governing legal requirements. No record should be kept longer than this retention period.
By not adhering to a program of routinely destroying stored records, a company exhibits suspicious disposal practices that could be negatively construed in the event of litigation or audit. Also, the new Federal Rule 26 requires that, in the event of a lawsuit, each party provide all relevant records to the opposing counsel within 85 days of the defendant's initial response. If either of the litigants does not fulfill this obligation, it will result in a summary finding against them. By destroying records according to a set schedule, a company appropriately limits the amount of materials it must search through to comply with this law.
From a risk management perspective, the only acceptable method of discarding stored records is to destroy them by a method that ensures that the information is obliterated. Documenting the exact date that a record is destroyed is a prudent and recommended legal precaution.
Incidental Business Records Discarded On A Daily Basis Should Be Protected.
Without a program to control it, the daily trash of every business contains information that could be harmful. This information is especially useful to competitors because it contains the details of current activities. Discarded daily records include phone messages, memos, misprinted forms, drafts of bids and drafts of correspondence. All businesses suffer potential exposure due to the need to discard these incidental business records. The only means of minimizing this exposure is to make sure such information is securely collected and destroyed.
Recycling Is Not An Adequate Alternative For Information Destruction.
To extract the scrap value from office paper, recycling companies use unscreened, minimum wage workers, to extensively sort the paper under unsecured conditions. The acceptable paper is stored for indefinite periods of time until there is enough of a particular type to sell.
There is no fiduciary responsibility inherent in the recycling scenario. Paper is given away or sold and by doing so, a company gives up the right to have a say in how it is handled. There is, also, no practical means of establishing the exact date that a record is destroyed. In the event of an audit or litigation, this could be a legal necessity. And, further, if something of a private nature does surface, the selection of this unsecured process could be interpreted as negligent. For all these reasons, the choice of recycling as a means of information destruction is undesirable from a risk management perspective.
If environmental responsibility is a concern, materials may be recycled after they are destroyed or a firm can contract a service that will destroy the materials under secure conditions before recycling them. Any recycling company that minimizes the need for security has its own interests in mind and should be avoided.
A Certificate Of Destruction Does Not Relieve A Company From Its Obligation To Keep Information Confidential.
Any company contracting an information destruction service should require that it provide them with a signed testimonial, documenting the date that the materials were destroyed. The "Certificate of Destruction", as it is commonly referred, is an important legal record of compliance with a retention schedule. It does not, however, effectively transfer the responsibility to maintain the confidentiality of the materials to the contractor.
If private information surfaces after the vendor accepts it, the court is bound to question the process by which the particular contractor was selected. Any company not showing due diligence in their selection of a contractor that is capable of providing the necessary security could be found negligent.
And, from a practical standpoint, if proprietary or private information is lost or leaked by the fraud or negligence of a vendor, the obligations of that vendor are irrelevant. The firm whose information falls into the wrong hands stands to lose the most, either from loss of business, prosecution or unfavorable publicity.
Since a business cannot transfer its responsibility to maintain confidentiality, it must be certain that it is dealing with a reputable company with superior security procedures. Unfortunately, there are those information destruction services that provide certificates of destruction while having no semblance of security and in some cases, no destruction process available to them. Anyone interested in contracting a data destruction service is advised to thoroughly review their policies and procedures, conduct an initial site audit and conduct subsequent unannounced audits. On-site document destruction is also an option in most cities.
Most Records Storage Companies Do Not Have The Equipment To Provide Shredding Services.
Many commercial records storage facilities offer records destruction as a service to their customers. However, in a survey conducted by the National Association for Information Destruction, a majority of the commercial storage firms were found lacking the equipment necessary to provide the service themselves. It is a common practice in that industry to subcontract the destruction of the records. In some cases, disreputable storage firms were found misleading their customers by charging for secure records destruction, while the materials were being sold to a recycling company for scrap.
Any business using a commercial records storage firm should inquire as to the nature of the destruction services that are available. It is an unacceptable risk to permit a storage firm to select a subcontractor to provide the records destruction service. The owner of the records is ultimately responsible for their security and, therefore, should be selecting the vendor directly.
Internal Personnel Should Not Be Responsible For Destroying Certain Information.
Common sense dictates that payroll information and materials that involve labor relations or legal affairs, should not be entrusted to lower level employees for destruction. But, beyond that, competition sensitive information is best protected from them as well. It has been established, time and again, that low wage employees often have the economic incentive to capitalize on their access to it. The only acceptable alternatives are to have the materials destroyed under the supervision of upper management or by a carefully selected, high security service.
Information Protection Is A Vital Issue To Senior Management.
Top executives from 300 companies ranked the security of company records as one of the top five critical issues facing business. When asked which issues required immediate attention and policy development, the security of company records ranked second only to employee health screening.
Courtesy The National Association for Information Destruction, Inc.
Contact Us
Learn more about our services and Request A Quote.
