What Laws Govern Document Destruction, and Why Do They Exist?

Some don’t realize that, apart from being a matter of security, the need for  document destruction is in fact enforced by law. There are certain situations where the process is not only recommended, but mandatory, and without prior knowledge of these scenarios your business could easily find itself in hot water. As such, it is of great value to anyone who owns or even works for a business to study these laws to ensure that they are not caught off guard. The following is a record of every one of these laws, at least the most major of them. Look over these laws, consider them carefully and, once you’ve come to understand them, take the steps necessary to ensure that you or your company never puts any sensitive information in jeopardy again. Every small business takes in a tremendous amount of it, the kind of information that can be used for identity theft or plain old thievery. With the help of these rules, you can prevent this situation from ever occurring.


The Social Security Act of 1934


The Social Security Act is a very simple law which sensibly prohibits companies or any other third party from revealing a client’s social security number.  In limiting what companies could and could not reveal about their clients, willingly or accidentally, this Act was, in many ways, the first document destruction (or, at the very least, regulation) law.


The Privacy Act of 1974


This act was founded on the basis of three conclusions, arrived at by Congress.


  • Every client has a constitutional right to privacy. A company violating this right, either on purpose or accidentally, is therefore in breach of the Constitution.


  • A key part of maintaining the privacy of clients involves carefully monitoring, and responsibly using, their personal information. This has been made more difficult by the usage of computers and other technology, both by companies and nefarious third parties. Regardless, it is the company’s obligation to keep their clients’ data safe.


  • If the data provided by clients is misused, presumably for illegal means, that can have a severe effect upon said client’s wellbeing, including limiting their employment and insurance possibilities.


Additionally, the definition of what exactly was considered private material was extended to include financial transactions, medical history, past employment, medical data and fingerprints, as well as any photographs or videos taken by the client, to name just a few examples.


The Ruling of California v. Greenwood


Though it is not a law in the strictest sense of the word, the legal ruling in the case of California v. Greenwood still played a huge role in the drafting of further document destruction regulations. The case involved incriminating information that the defendant, Greenwood, had thrown in the trash as a means of destroying the evidence against him. When this evidence was pulled from the garbage and used against him to secure his arrest, Greenwood sued, saying that the dumpster diving the police had performed constituted an illegal search. The court ruled against him, essentially stating that anything that Greenwood, or anyone else, threw away then became public property. In other words, the second you throw anything out you are giving up possession of that item.


We’ve all seen this law in action. Many of us have dragged an old couch to the curb to be thrown away, only to have it be taken by a third party for their usage. This is not stealing because the former owner, through the act of throwing it away, willingly relinquished all of their rights concerning the ownership of said couch. Though that act, the item now belonged to anyone who wished to claim it. The same is true of sensitive records thrown away by a business. By placing them in the garbage, the company is giving up those documents, meaning that they can be taken and used by anyone. In other words, if you throw important data in the garbage, another company can use it legally, as long as they themselves do not break any crimes as a result. If they do use the data to commit identity theft, they will be held legally responsible, but so will the company that released that data in the first place.


Fair and Accurate Credit Transactions Act of 2003 (FACTA)


Finally, in 2003, a law was drafted which officially stated the point implied by California v. Greenwood: namely that a client had a right to privacy, a company had an obligation to provide that privacy, and that if they violated their client’s constitutional right by improperly disposing of sensitive documents that they could and would be held responsible. The law states that when a business is ready to throw away a clients data they must destroy it. This includes shredding or burning paper documents to the point that they are unreadable and permanently destroying electronically stored data. In other words, no data permanently leaves a business, at least not in tact.


Rather than leaving this obligation up to the businesses, the law dictates that, in most cases, companies should hire a professional document destruction firm. If this firm does not do its job properly, the guilt is still placed upon the business which provided the information in the first place. For this reason, it is important to do careful research into any document disposal company you might hire. Be sure that they are compliant with any and all related laws, get references and find accounts of the company’s trustworthy nature and be sure that they’re certified. Follow these steps carefully and choose wisely and you can be sure that, no matter what, you’ll stay on the right side of the law.