Your trashcans are talking. They are crying out for attention from anybody who might be interested, and boy, do they have a lot to say!
Sam in accounting overprinted some pages of a client file and just threw them in the trash. Judy cleaned her purse before lunch and tossed a handful of debit card receipts and bank deposit slips. Eileen in HR casually dumped a few duplicate copies an employee’s healthcare form.
This kind of information is a goldmine for the person who knows how to use it. But, it can be a legal and costly blow to any company who underestimates the security measures needed to protect the information it contains.
Shred-it, an international on-site document destruction company, specializes in protecting the privacy of company business as well as those of the company’s customers, helping businesses comply with the new identity theft protection laws and avoid costly mistakes.
Putting the Pieces Together
It is easy to look at the rather self-explanatory name of Shred-it and think that its story is all told; boxes of unwanted paper equal confetti, right? Wrong!
A former restaurateur from the northern Virginia and Washington,
D.C. areas, Stuart Wash was savvy about the potential in this new industry of on-site document destruction. So he purchased the franchise rights to open Shred-it in western North Carolina in 1988.
Wash opened the Charlotte location as the 52nd of what is now 160 total branches of the parent company, Securit. “Even when my brother opened the 35th facility in Hampton, Va.,” says Wash, “it was very obvious that ID theft was emerging as a major issue. So when the Charlotte opportunity opened up, it was something I immediately jumped into.”
“When I started this business seven years ago, I had to do a lot more explaining about the potential for abuse of private information,” he remembers. “Today, every time you read the newspaper or watch the nightly news there are multiple stories involving identity theft.”
Shred-it is an on-site shredding company. It routes mobile shredding trucks into the parking lot of any facility and starts shredding things up. According to Wash, on-site shredding has definite advantages, “When we come to you, all you have to do is look into the parking lot to see the job getting done. We provide a detailed certificate of destruction, and we don’t drive off until every last sheet of paper is gone. Obviously, with an off-site service, you have no such assurance. Your material could be warehoused for all you know. Plus, the documentation is very convenient to have in audits to demonstrate compliance with regulations.”
He also touts the time and cost-savings of using a shredding company rather than purchasing shredders, “It can take one employee fifteen hours a week to do what we do in ten to fifteen minutes. When a company takes a lot of care hiring the perfect person for a position, plus spending time and money training them to do their job, I don’t think they would consider standing over a shredder a valuable use of its resources.”
Wash says that Shred-it’s M.O. is to be completely seamless, “We offer operational efficiency that makes our approach turnkey and worry-free for our clients.”
A Shred-it representative provides an initial on-site consultation, and completes a security audit to identify problems. The representative will ask if the office manager would like him to take a walk though the office and identify potential security breaches, right down to going through the trash bins. Explains Wash, “Bottom line is, if you aren’t comfortable with us taking the contents of your trash bins, you need to be shredding more.”
In addition to the security evaluation, the Shred-it consultant will help calculate the volume of material needing destruction based upon employees, workstations, and paper flow. He will then calculate the number of storage containers needed for the site, a reasonable schedule for destruction visits, and the cost.
The storage bins themselves appear to be worthy of the investment. The locked, gray-speckled, strategically located bins encourage employee compliance, while concealing messy piles of material.
The bin is only opened by an authorized Shred-it customer service representative, who pulls out the lockable nylon bag and carries it to the shredding unit.
The shredding truck is outfitted with Shred-it’s proprietary technology that assures the highest degree of shredding available; staples and paperclips are not an issue. As a matter of fact, bring your binders, CDs, tapes and videocassettes too. These guys have got some jaws on them.
The former items, called ‘contaminants’, excluded, Shred-it recycles all of its paper into low-end recyclables like paper towels. “One of the founder’s major missions in business was to be environmentally responsible, so we take that pretty seriously.”
But don’t be fooled. Document destruction isn’t just about feel-good, peace-of-mind, green goodwill in protecting your own assets; it’s also the law.
ID Theft – The Cost
According to two studies undertaken by the Identity Theft Resource Center (ITRC), approximately 7 million people became victims of identity theft between July 2002 and July 2003. Quotes the study, “This equals 19,178 people per day, 799 per hours, 13.3 per minute.”
To add insult to injury, most identity theft victims sustain costly damage after the violation takes place; it can take years to clear up the mess. Consider unspoken amounts of money and time with investigators, government agencies, banks and credit bureaus, not to mention the demoralizing process of having to defend something as basic as who you are.
And, says Wash, it is just getting worse. “As identity theft gets more exposure in the media, people have more awareness. Unfortunately, that is a double-edged sword, because the crooks are watching the same reports.”
He continues, “Shred-it teams up occasionally with the CMPD (Charlotte-Mecklenburg Police Department) at various functions to educate and raise awareness about identity theft, and a police department representative said to me at one of them, “I don’t know why anyone would even bother to rob a bank any more considering what these guys can do with just a small amount of information.”
The ITRC study estimates that the business community loses between $40,000 to 90,000 per name in these fraud cases. It also states that between the FBI, the executive office for U.S. Attorneys, and the Secret Service, investigation and prosecution of these types of cases can easily reach $47,000 per case.
Comments Wash, “It used to be that the systems weren’t in place to penalize appropriately for identity theft; it was just too new. This is changing now. Since the Identity Theft Penalty Enhancement Act, criminals are now receiving more than just a slap on the wrist; identity theft is now a federal crime.”
And it is not just the criminals who are being served notice. Consumers and the government are also demanding that businesses be held accountable for the privilege of harboring important personal information about clients.
For example, the GLC (Gramm-Leach-Bliley) Act of 1999 introduced the “Safeguard Rule,” requiring financial institutions to set and enforce policies to protect customers’ private information, including document destruction protocols. Civil penalties per violation of the GLC are $11,000.
Another regulation is HIPAA, better known as that ubiquitous piece of paper in every medical office, advising patients of privacy rights. HIPAA’s Security Rule, which became effective in April of 2005, specifies administrative, technical and physical security procedures, and includes document destruction prior to disposal.
But perhaps the biggest legislation to date is the Fair and Accurate Credit Transactions Act (FACTA) of 2003. FACTA affects “any person or company that maintains or otherwise possesses consumer information or any compilation of consumer information derived from consumer reports for a business purpose,” and includes the following provision: “(such persons)…must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
Wash says that N.C. State Attorney General Roy Cooper is taking identity theft very seriously, and that the N.C. State Senate recently enacted the North Carolina Identity Theft Protection Act which contains specific provisions for document destruction. Failure to comply can result in fines up to $5,000 for each incident, or three times the amount of actual damages, whichever is higher.
Getting Down to Business
While fines directly threatening a company’s pocketbook are certainly deterrent, the blight on a company’s reputation can be irreparable. Says Wash, “Companies are absolutely required to notify their customers in the event of a security breach.”
Last spring, newsprint was plastered with debacles involving customer information. Beginning in February, Bank of America reported missing data tapes of customer information, including Social Security numbers, for 1.2 million federal employees.
In May of 2005, both Wachovia and Bank of America suspected that financial records for more than 100,000 customers may have been stolen by bank employees. It is speculated that the suspects pulled up the account data while working inside the banks, then printed out screen captures of the information or wrote it out by hand.
Then, in June 2005, Citigroup claimed that United Parcel Service lost computer tapes with information from 3.9 million customers of CitiFinancial.
The breaches moved across the countryside, and all of a sudden the scourge had hit your neighbor’s house. Says Wash, “Document destruction is not just a necessary evil or a simple afterthought anymore. It is in its own rite, an end in itself. Policies must be in place, and they must be enforced. Businesses have got to step up to the plate and protect consumer information.”
Wash advises basic strategies for keeping a tight ship, “Have a coherent, enforced document destruction policy. Look around at your waste stream – are there some areas that are more dangerous than others? Do you have documents that have passed the required amount of time to store them? And, do background checks on your employees before hiring.”
A good employee is a great thing, but a bad egg can ruin a business, so Wash practices what he preaches. He does extensive background checks on his employees, and most have been with him for quite a long time. He tries to keep each customer service representative on a regular route, so that the client and the representative can build a familiar relationship. “We get more positive mail on our reps than you can imagine. Their dedication and friendliness is just a given when they get into your office,” says Wash.
From his initial one-man operation – Wash, a truck, a big loan and what he says was a maxed out credit card for the initial capital investment – Stuart Wash has come a long way. He now has 25 employees, a full schedule of trucks doing their thing, and business just keeps growing.
“It used to be medical, legal, and financial offices were the only major customers in the shredding market, but that has all changed. We get calls from everyone from major retailers to small businesses, and even private residences. Overall, people are just more aware, and that is a good thing for everyone,” says Wash.
Wash works hard to deliver a service that is unparalleled in quality, “I try to make people see that it is more than just a commodity, that it is about more than price. It is about ease, security, protection and reliability.”
A company benefits from these qualities, and the trickle-down effect assures that the company’s customer’s personal information is safe.
After all, what is the cost of your business and its reputation?