Home ››  Site Map ››  Contact ››

Recycling is NOT Secure Disposal

by Michelle Keshel

Document Destruction Service Features

This article responds to the many questions that we receive on the topic of recycling and the secure destruction of documents.

First, we want to stress that simply recycling documents is not a secure method for eliminating either the document, or the risk associated with the information that the document in question contains.

In review of the requirements of Federal laws and regulations governing the privacy of information (for example, HIPAA, FACTA, and Sarbanes-Oxley), guidelines for the destruction of documents center on the application of “reasonable care”.

In review of the term “reasonable care”, the recycling of documents, without first indelibly destroying either the paper document, or electronic media, does NOT meet this definition or requirement of the law.

In other words, from the legal perspective, if documents containing sensitive information are sent off for recycling, and then subsequently compromised, you are still liable to prosecution, fines, and/or lawsuits, because that method does not meet the established standard of “reasonable care”.

There are good reasons for why recycling documents is excluded from the standards of “reasonable care”. These reasons are clear when we look at the differences between companies like IPSA, and our members, who provide secure document destruction services, in contrast to vendors who provide recycling services.

The company providing secure document destruction services knows that if information entrusted to their care is compromised, that they can go out of business - While the recycling company knows that if they do not recycle materials as cost effectively as possible, they will go out of business.

In terms of security, these two concepts are opposed to one another, even though both are valid business strategies. However, in terms of your business, and the laws that regulate the protection of information, your “reasonable care” requirements are only aligned with the secure document destruction business strategy.

A secure document destruction company, especially one like IPSA, who requires NAID certification, only employs persons without criminal backgrounds, we also provide extensive security training for employees. Further, when we pick up documents for destruction, they are under guard until their destruction is verified.

In contrast, the recycling vendor does not incorporate any of these safeguards into their business operations. First, they are too expensive, and secondly, they are not needed. This is because they operate with the assumption that all of the material that they recycle is waste material. So if one piece of paper does not make it into the recycling bundle, or if it comes loose from the bundle on a train car – it really doesn’t matter - Even if that one piece of paper includes all of the social security numbers of your employees, it still does not matter to the recycler. And of course this is a reasonable perspective - After all, their business is recycling, not security.