When details of Hewlett-Packard’s boardroom leaks investigation surfaced, many people were shocked—shocked!—to hear that HP may have hired investigators to go through individuals’ trash. But Dumpster diving is a favorite technique, and it’s often legal, which creates the need to shred wisely. Here are a few best practices you can share with colleagues.
¿ Trash is not inherently private. In 1998, the Supreme Court ruled that Americans do not have a right to privacy regarding trash. The Economic Espionage Act of 1996, which made it a federal offense to steal trade information, doesn’t protect firms that fail to take reasonable steps to protect data.
¿ Keep documents only as long as needed. Especially in regulated industries, your company should have policies detailing retention periods and disposal instructions for various document types.
¿ Don’t shred documents out of turn—such as when your firm prepares for a suit.
¿ Customer or employee information that contains names, Social Security numbers, dates of birth, account balances or health conditions should always be shredded.
¿ Shred documents that could help the competition. Customer lists, sensitive pricing information, strategic planning documents and trade secrets should never just be tossed.
¿ Be diligent with information from consumer reports. The Fair Credit Reporting Act protects credit reports and scores, plus reports relating to employment background, check writing history, insurance claims, residential or tenant history, or medical history. Handlers of this data face strict disposal guidelines.
¿ Speak up if your shredding system is so onerous that people avoid it. Companies have many options, from a $40 cross-cut shredder to outsourced shredding services.