Payroll data. Financial details. Patient health information. Confidential client files. Many Guam-based businesses handle sensitive information that requires professional document shredding. Otherwise, if documents containing sensitive data are disposed of improperly, these businesses may expose themselves to liability, lawsuits, or even fines for non-compliance.

In this guide, we will help you identify the business documents that may require document shredding services. We will also offer some tips for finding the right document shredding company in Guam who will help you mitigate potential risks, remain compliant with applicable regulations, and fulfill your professional responsibility to your clients and business partners.

Why Secure Document Shredding Matters for Guam Businesses

Many businesses collect and store sensitive data. Common examples include employee records and payroll data; confidential client information such as banking details or financial data; and, in the medical field, any information related to a patient’s medical record. In some industries, a company’s list of suppliers might even be considered confidential.

When documents are not shredded and properly disposed of, there is the potential for this data to fall into the hand of bad actors, who might use it for:

  • Identity theft schemes
  • Phishing attacks
  • Cyberattacks
  • Corporate espionage or unfair trading practices

All of this could mean profound consequences if your business failed to securely shred sensitive documents.

Additionally, in a tight-knit business community like Guam, mishandling confidential information could lead to serious, long-term damage to your organization’s reputation in the community.

 

What About Burning Documents? Is That a Good Alternative to Shredding?


It can be tempting to believe that burning documents—or securely bagging them for immediate removal by garbage collectors—will offer a good-enough solution for document destruction. However, both methods are risky and may expose your company to liability, should any records remain readable or fall into the wrong hands. Additionally, these methods do not come with a certificate of destruction, which may be required in certain regulated industries.

Although all businesses need to evaluate their document destruction policies, a few industries in particular need to pay special attention to their document shredding activities:

Document Shredding for Healthcare Providers

The Health Insurance Portability and Accountability Act (HIPAA) was designed to offer patients additional levels of security around Protected Health Information (PHI). Under HIPAA, medical organizations, healthcare providers, and other covered entities must securely dispose of PHI.

If your organization is a covered entity under HIPAA, it is important to choose a document shredding provider familiar with HIPAA compliance. For example, HIPAA requires:

  • Physical document destruction methods, including shredding, that render PHI unreadable, indecipherable, and unable to be reconstructed.
  • Electronic destruction methods that involve clearing, purging, or destroying the media.

An experienced document shredding company will be prepared to deliver HIPAA-compliant methods for both physical documents and electronic media.

READ MORE

Could Your Organization Be Violating HIPAA Accidentally?

Ask yourself these six questions to evaluate your current records management procedures—and avoid unintentional HIPAA violations. 

READ MORE

Document Shredding for Legal Firms

The American Bar Association (ABA) rules of professional conduct recommend that law firms retain client records for five years. After five years, legal firms need to properly handle the shredding of any paper documentation to maintain the confidentiality of client information.

Additionally, given the prevalence of online record-keeping, legal firms looking into document shredding services should look for a company with expertise in digital media to ensure proper destruction across the board.

Document Shredding for Financial Institutions

Under the Gramm-Leach-Bliley Act (GLBA), financial institutions are required to safeguard sensitive consumer data. Although the act does not specifically mention document shredding, the Safeguards Rule mandates security measures to protect consumer information, which can naturally be understood to include end-of-lifecycle document destruction.

As with the legal field, financial institutions need to look for providers with expertise both in document shredding and secure electronic data destruction.

Disposing of IT Assets: Avoid Potential Exposure

When it’s time to replace outdated computers, servers, and other types of hardware containing sensitive data, consulting an IT Asset Disposition (ITAD) provider is a critical first step—especially if your business is subject to laws like HIPAA and GLBA.

An ITAD provider can help you ensure any retired IT assets are handled appropriately to prevent exposure of sensitive data. Additionally, your ITAD provider should be able to provide any necessary documentation for compliance purposes.

If you need assistance properly disposing of your outdated IT assets, reach out to the DeWitt Guam team. We would be happy to provide you with a complimentary quote for ITAD services.

What Documents Should Be Shredded?

Understanding what documents need to be shredded is an essential step in protecting sensitive information and maintaining regulatory compliance.  

Tip: Before deciding to shred any documents, it is important to ensure that you are destroying documents in compliance with your organizations records retention policies. We will cover that next.

Examples of Common Document Types That May Require Secure Destruction:

  • Medical Records: Patient charts, insurance claims, prescription histories, lab results, and any other documents containing PHI.
  • Legal Files: Contracts, court filings, discovery documents, client correspondence, and all confidential information that makes up a client’s legal file.
  • Financial Documents: The Safeguards Rule covers “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form.” This could cover items like tax records, loan applications, credit reports, bank statements, and more.
  • Employee Records: Documents containing social security numbers, payroll information, performance evaluations, personnel records, benefits records, and other files containing employees’ personal information.
  • Customer Information: Files containing sensitive client data such as purchase history, billing information, and financial details.

Depending on the nature of your business, even documents that may appear routine—such as internal memos, printed emails, or meeting notes—could potentially contain personally identifiable information or sensitive business data that should be destroyed securely.

Document Shredding Is Just the Beginning

Document destruction is just one aspect of a comprehensive records management policy that protects sensitive data—and reduces your company’s liability for potential mishandling of documents. Best practices suggest creating a records management procedure that covers both: 1) record retention and 2) record destruction.

To learn more about creating a comprehensive records management policy, check out ours five best practices for managing your company’s records.

What to Look for in a Document Shredding Company

Given the sensitive nature of the documents you will be shredding, it is important to choose your document shredding provider carefully. Here is what we recommend you look for when choosing a document shredding company in Guam:

  • On-Site and Off-Site Shredding Options: On-site shredding allows documents to be destroyed at your location, while off-site involves transport to a secure facility. Some businesses require on-site shredding for compliance purposes—or simply prefer it. Look for a provider that offers both options for maximum flexibility.
  • Expertise in Industry Compliance: If you are in an industry with legal compliance requirements—such as the medical or financial industry—look for a vendor with expertise in the applicable regulations, including HIPAA and GLBA.
  • Bonded Employees: Bonded employees give you an extra layer of reassurance that your sensitive data is in the trusted hands of employees who have gone through extra layers of screening.
  • Available Certificates of Destruction: After each job, a reputable shredding company will issue an official certificate confirming that your documents were securely destroyed. You may need these for legal compliance, so it is important to ensure your provider can issue them.
  • Certification from a National Organization: Taking the time to get certified by an organization like the National Association for Information Destruction (NAID) demonstrates a provider’s commitment to professionalism and compliance.

Protecting Your Organization, Its Data, and Its Reputation

Ultimately, selecting a shredding provider for your business should be about choosing a professional, qualified, and committed partner who will help you reduce the risks associated with disposing of sensitive data. By choosing a company that adheres to industry best practices and demonstrates a record of accomplishment of professionalism, you will choose a partner qualified to protect your information—and your reputation.

If you would like to discuss establishing a document shredding program for your company, reach out to the DeWitt Guam team.

We offer comprehensive records management services to Guam-based businesses, including:

  • Document indexing, storage, destruction, and shredding
  • Non-paper record storage and destruction, including media cards, CDs, hard drives, data reels, floppy disks, and X-rays.
  • Secure, on-site document disposal bins with daily, weekly, and monthly pickup schedules
  • Records management services, including assistance with maintaining retention schedules

DeWitt Guam holds an iSigma ~ AAA certification from the National Association of Information Destruction (NAID). Additionally, every member of our records management team is bonded, and each holds HIPAA and NAID certifications.

Our team would be happy to help you with a comprehensive records management solution that fits your company’s needs and budget. Request a complimentary quote to get started. 

Tell us about your move!