Each state has laws and regulations regarding privacy and data destruction.  Today, we’ll look at a few of these laws and why they are important.  Especially, how they pertain to the general areas of Delaware, Pennsylvania, New Jersey, New York, and Connecticut.  Laws and privacy shredding are more pertinent than one may initially assume! Individuals and businesses alike must protect their sensitive information.  Thus, avoiding possible identity theft and other legal consequences.

Why Is Privacy Shredding Important?

Destroying documents that contain personal and/or confidential data is crucial for many reasons.  For one, it helps prevent data breaches and identity theft.  Secondly, with proper document disposal, it ensures compliance with various laws and regulations.

Privacy Protection

It is more important than ever to ensure personal information is properly destroyed.  Social Security numbers, bank statements, confidential client information- the list of documents that would be dangerous in the wrong hands is endless.  Proper disposal of these documents ensures that the odds of unauthorized access (that may lead to the misuse of the data, such as identity theft) are reduced. 

Regulation Compliance

Several laws are in place that require the secure disposal of sensitive documents.  These laws are found at both the state and federal levels.  Ignoring such regulations or improperly disposing of sensitive documents can lead to fines, penalties, lawsuits, and reputational damage.  This is even more of a concern for businesses that handle confidential client information (banks, insurance companies, law firms, etc).

New York and Connecticut are among several states that have enacted laws requiring businesses to protect their records and those of their clients against unauthorized access.  For example, New Jersey and Pennsylvania also have data privacy laws that impact how documents are disposed of.

Business Operations

Any business that handles personal and professional data must abide by secure document disposal protocols. for the protection of sensitive information.  Businesses in sectors such as finance, healthcare, and law must consider the legal obligations to do so. There are many ethical obligations to weigh as well.

While the business has a large role in ensuring such documents are adequately disposed of, individuals need to do their part.  There should be special care taken when destroying anything that contains personal information.  This includes confidential mail, bank statements, client lists, and much more.  For this reason, each business and its employees must adhere to strict protocols to comply with shredding laws.  Thus, minimizing the risk of both financial and legal repercussions.

Laws and Privacy Shredding

New Jersey

New Jersey has its own laws regarding the need for businesses to securely destroy customer records.  For example, the New Jersey Identity Theft Prevention Act, enacted in 2005, continues to be in effect.  

This act requires businesses to destroy customer records that contain private personal information that no longer need to be retained. These records must be shredded, erased, or otherwise modified to ensure any information is unreadable.  

Shredding these documents is the most commonly suggested method for destroying these records.  Mobile shredding services in New Jersey are the most convenient and secure way of ensuring the proper destruction of such documents.  Hence, certifying compliance with regulations.

In the case of a breach, the affected individuals and certain government bodies, such as the State Police, must be notified before disclosure.  Non-compliance has the potential to lead to civil suits.  This clearly shows the importance that must be placed on recording the chain-of-custody, along with proper shredding practices.

New York

New York’s laws on privacy and shredding include the General Business Law (Disposal of Records Law) and the New York State Information Security Breach and Notification Act. These laws obligate organizations and private companies to take the necessary precautions to protect personal information.  

This often includes adopting strict policies, including shredding paper records and securely deleting electronic media. Routine audits of shredding practices must be implemented as well.

New York General Business Law – Disposal of Records Law

The Disposal of Records Law is in place to ensure that entities that gather personal information take appropriate measures when disposing of it.  This includes shredding records or otherwise destroying/modifying personal identifying information before disposal. 

In this case, “personal identifying information” refers to:

• Social Security number,
• Driver’s license number/non-driver ID card number,
• PIN,
• Mother’s maiden name,
• Financial services account (such as savings/checking) number/code, and many more.

In the case of violations, an application may be made by the Attorney General.  If the court determines a violation has occurred, a civil penalty of not more than five thousand dollars may be imposed.  For more specific details, please refer to this page.

NY Medical Record Shredding

While financial records are a priority, medical record shredding is also extremely important.  Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare providers must regularly shred documents containing patient information.  This is done to prevent identity theft.

The time required to keep medical records differs depending on the patient’s age (adult vs minor) and the circumstances surrounding their treatment(s)/hospital stay.  HIPAA requires entities to retain patient documentation for six (6) years.  However, according to Total HIPAA, New York state law takes precedence if it mandates a longer retention period.

After the required retention period, records can be destroyed.  However, we always encourage you to confirm the protocol with the necessary parties on a case-by-case basis.  If there is ever an inkling of doubt about the retention period, documents should be retained until the guidelines regarding destruction have been confirmed. 

For further information on laws and privacy shredding in NY, New York State offers resources on protecting personal information.  This includes an informative chart that shows the recommended periods to retain certain documents according to their type.  And, what method of secure disposal is recommended once the retention period has elapsed.

Delaware

Delaware’s laws are similar to New York’s in that they aim to protect individuals from identity theft and access to their data.  The laws on document destruction (or rendering them unreadable) include § 12B-100 Protection of Personal Information, which states:

“Any person who conducts business in this State and owns, licenses, or maintains personal information shall implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modification, disclosure, or destruction of personal information collected or maintained in the regular course of business.” 

House Bill 295, signed into law in 2014, also requires commercial entities to destroy or arrange for the destruction of hard copy and electronic records that contain personal identifying information once their retention period ends.  The best methods for ensuring the documents are undecipherable are cross-cut shredding, burning, and, in other cases, digital sanitization.

Businesses that fail to comply may face civil penalties.  If consumers suffer damages due to these violations, they can file lawsuits.  Some entities, however, are exempt from such requirements.  This includes government agencies, banks, health insurers, and credit unions.

Pennsylvania

Similarly, Pennsylvania has the Breach of Personal Information Notification Act (also known as Pennsylvania Senate Bill 713). This requires businesses to use cross-cut shredding once the information is no longer needed.  

The act highlights the importance of preventing breaches, along with what must be done in those circumstances.  For example, they must notify individuals when their data is compromised or breached.   Click here for further information on privacy compliance in Pennsylvania.

Connecticut

Connecticut’s Data Breach Notification Law, among other privacy-related statutes, requires organizations to adopt secure document destruction methods.  “Privacy shredding” will reduce the risk of identity theft, limit liability, and help avoid the associated penalties that may follow a data breach.

In the case of a breach, any person (including companies) who owns, licenses, or maintains computerized data must disclose the breach to the Attorney General’s office.  

Lawful Document and Non-Document Destruction

Laws and privacy shredding services have been implemented to ensure the proper disposal of relevant documents. This is done in a way that makes reconstruction impossible, and abiding by these laws is imperative. With the help of certified document destruction services in New York, Delaware, Pennsylvania, and Connecticut, such information will be kept secure.  

Fulfill all of your document destruction needs with IDS Autoshred today!  We provide on-site and off-site shredding using strict protocols. We also provide certificates of destruction to testify to the proper shredding methods. Our trustworthy team is all you need for secure shredding!

If you have non-document destruction needs, we can help with that, too!  Read more about our full range of services here. Call us to book your shredding at (877) 886-4732 or message us directly online. We will get back to you as soon as possible.