Document Shredding and the Law
The Existence of Paper Documents
The use of paper by the average business increases 22% annually, meaning it doubles every 3 1/3 years. Most of that paper has a limited lifecycle and should be responsibly disposed of. Whether it is bills, financial statements, marketing plans, employee documents, boarding passes, travel plans, or any other record with personal information, the law governs when and how it is disposed of.
A retention period is the length of time a record must be kept. State and federal laws determine these retention periods. Sometimes retention periods can be extended, but they can never be shortened. Colorado law states that the retention time for records is three years from the date of creation unless another law states otherwise. Most retention periods are between 2 and 8 years. These include employment records, financial transactions, and internal audits. Other retention periods are endless and require records to be kept permanently. These often include documents like copyrights, mortgages, and external audits. The Sarbanes-Oxley Act (SOX) sets out the minimum retention time for documents.
Not all document retention periods start at the same time. The retention time could be measured from:
- The document creation date
- The document expiry date
- Another specified date, like the age of majority for an individual
Keeping a document beyond its retention period should be avoided because it increases the risk of the document being misplaced, stolen, or accessed by unauthorized individuals.
Everyone has the right to protection of personal information. There are several privacy laws that govern those that are in possession of Personal Identifiable Information (PII) and for those responsible for the proper disposal of confidential documents. Some of these laws include:
- The Privacy Act, created in 1974, which indicated that everyone has a right to privacy and companies are responsible for the mishandling of PII.
- In the same year, the Family Educational Rights and Privacy Act (FERPA) was made law and protects the privacy of student education and parent records, holding educational institutions responsible.
- Since first being enacted in 1984, the Computer Fraud and Abuse Act (CFAA) continues to evolve with regard to the handling and disposal of digital documents.
- The Health Insurance Portability and Accountability Act (HIPAA) has regulated the protection of Personal Health Information since 1996.
- Since 2003, the Fair and Accurate Credit Transportation Act (FACTA) has held companies responsible for improperly disposing of sensitive documents.
Apex Shredding provides NAID AAA Certified shredding for businesses in Northern Colorado. Contact us at 970-591-4625 or complete the form on this page to discuss your shredding needs.