How NOT to Destroy Employee Personally Identifiable Information

April 25, 2023 at 8:00 am by Amanda Canale

Employee personally identifiable information (PII) is filled with critically private and personal information, such as financial information, healthcare information if provided by the employer, pay stubs, addresses and phone numbers, and more, so it should always be destroyed with the utmost care. 

Before we get to how not to destroy these types of files, it’s important we discuss how long you should keep them for. When it comes to personnel records, retention periods can vary. For instance, the Department of Labor Correspondence and the Internal Revenue Service (IRS) require any financial statements, documents from the IRS and Department of Labor Correspondence themselves, and plan and trust agreements to be kept three to four years, or even longer depending on the case.

However, when it comes to normal employee files, applications, contracts, and other employee personal information, they should be kept for two to three years from the date of termination. What about their compensation documentation? Keep these on file for three to five years from the termination. (This is important to remember!)

Now, let’s get to the fun part – the destruction!

Ripping Up

While ripping paper into confetti-sized pieces can be a great way to relieve some stress, we don’t necessarily recommend this tactic when getting rid of your most recently fired employee’s file. Even if you weren’t too crazy about your coworker, if their file is not destroyed with high security end-of-life destruction equipment, their information could easily fall into the wrong hands, and your coworker could be the next to fall victim to identity theft – which nobody deserves. Don’t believe us? Take for instance the DARPA Shredder Challenge, where people quite literally competed to reassemble 10,000 shred particles for a grand monetary prize. While the average person would much rather do anything else than spend 600 hours putting shred pieces back together, the same cannot be said for hackers and thieves; if it’s going to grant them access to your most sensitive information, then chances are they will rise to the occasion!


Recycling and/or Throwing Away

While we support the green initiative in wanting to recycle end-of-life PII documents, unfortunately this isn’t possible. Again, if it’s not a good idea to rip up your employee’s files, it’s not safe to simply throw it out or recycle. Sadly, the majority of our waste and recycling ends up in landfills and dumpsters which are typically gold mines for hackers and thieves. In addition, recycling and waste are not always transported securely, which makes it easy for people to intercept and have access to your most private and identifiable information.

It is always best to err on the side of caution when it comes to end-of-life data destruction. When it comes to specifically destroying employee files, it is best practice to use a secure, in-house method, like our Model 244/4 high security paper shredder. 

The Model 244/4 is our most popular high security paper shredder. Why? This solution is NSA evaluated and listed by the NSA/CSS EPL and meets DIN 66399 Level P-7 standards. Our 244/4 provides a rugged performance with an NSA one hour durability of 17 reams per hour while encased in a quiet system, making it the perfect choice for small or mid-size department use. 

Want even more security? Our Model 344 offers an even more secure shred size than the current National Security Agency (NSA) mandate requires. We like to call the 344’s final particle size P-7+. This device is the only high security paper shredder on the market that offers a particle size of 0.8mm x 2.5mm (that is 50% smaller than the current National Security Agency requirement!)

By adopting a shredding policy, you are making the most cost-effective, safe, and secure decision to take preventative measures to ensure that your past and current end-of-life employee information does not fall into the wrong hands.

Centralized vs. Decentralized Destruction: What’s the Difference?

April 17, 2023 at 2:36 pm by Amanda Canale

As with most new technology, ideas, and solutions, there are pros and cons. In this month’s blog, we’re breaking down the main similarities and differences between centralized and decentralized destruction environments.

Centralized Environment

A centralized environment is, essentially, one space where all of the magic happens. Whether it is a centralized record center or destruction environment, everything that happens and everything being stored are in one location. 

For example, let’s refer back to our Level 6 Data Centers: Best Practices in Security blog. The sixth level of the Google data center is known as a centralized destruction environment because all the destruction occurs in one, central space. At this level, security is at an all-time high, with very few personnel having access. 

 

 

Another example of a centralized environment, but in this case a record center, is a single space where all records are kept. It could be a doctor’s office where all patient files are kept or a cloud-based system where all files and documentation are stored. Since centralized environments hold a substantial amount of information, they are typically organized by separate teams or personnel with a very high level of clearance.

CENTRALIZED ENVIRONMENT PROS:

One main pro when it comes to a centralized environment, in this case destruction, is that all of your destruction occurs in one place. There isn’t a concern for whether a drive was left on someone’s desk or an end-of-life document was misfiled since there is a system in place that requires all end-of-life drives and documentation to be in one place at the same time. This allows for a highly organized destruction plan and seamless organization system.

With a centralized environment typically comes extra security (remember, all your eggs are in one basket!), which just adds an additional level of protection. This can be in the form of more security cameras, keypads and ID badges, physical security guards, and more. Not only do centralized environments come more protected, they also allow for more opportunities for control.

CENTRALIZED ENVIRONMENT CONS:

By putting one’s eggs all in one basket, while it offers a sense of control and safety, it can also have its drawbacks. Hypothetically speaking, if someone was able to breach that centralized location, they have the world at their fingertips since everything is in one place. Servers can be hacked into, destruction solutions can be tampered with, and precious information can easily be stolen. However, this is also why extra security measures are taken, whether the environment is centralized or not.

Decentralized Environment

By contrast, a decentralized environment is one where the records or destruction are spread across multiple rooms, spaces, or even floors. A decentralized environment could be the same doctor’s office mentioned earlier, but where patient personal health information (PHI) is kept spread out among various storage locations, workstations, multiple servers, etc.

DECENTRALIZED ENVIRONMENT PROS:

Decentralized environments allow for data to be stored in more than one place offering more accessibility, and allowing those who need to access the data to be closer to it. By having their data in multiple and closer locations, there’s no need for long walks across the data center or building, or extra physical layers of security.

Depending on how sensitive the information is, a decentralized record center can sometimes offer more protection since there are multiple points of access and entry, which means more opportunities for a hacker to fail.

DECENTRALIZED ENVIRONMENT CONS:

With multiple points of entry and access, also come…more money. Decentralized networks, destruction, or record environments require more upkeep, more maintenance, more storage, and more security. 

 

 

The consequences of improper data destruction are endless. By opting for in-house, centralized destruction, companies have complete oversight and can be certain that their information has been securely destroyed. At SEM, we offer an array of high-quality NSA listed/CUI and unclassified data destruction solutions, and are experts in designing, creating, implementing, installing, and servicing centralized destruction facilities across the globe. Whether it’s for the federal government, one of its agencies, or a commercial data center, we do it all. Learn more about our scalable and customizable solutions here.

On a final note, we want to stress that when it comes to centralized destruction, maximizing your facility’s space is of critical importance. When selecting destruction solutions, it is important to ask yourselves a few questions on your facility’s size and space requirements, along with relevant compliance regulations. All are aspects of a physical space that need to be addressed when choosing the right solution. You can find out more on how to maximize every square foot of your centralized destruction facility below.
 

Paper Shred Sizes (and What They Mean)

March 30, 2023 at 2:14 pm by Amanda Canale

When destroying any end-of-life data, whether it be paper, hard drives, solid state drives, or other forms of media, there are very strict guidelines and laws that address how classified, top secret, and controlled unclassified information (CUI) should be disposed and securely destroyed. These requirements are determined by the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST). 

For further context, the NSA mandates specific final particle sizes for top secret and/or classified data, regardless of the media form. They then evaluate and list end-of-life data destruction solutions that follow these mandates for destruction. (For a list of media destruction solutions evaluated and listed by the NSA, click here, and for more information on what each data classification type really means, click here.)

While the federal government and government organizations are strict when it comes to how one should destroy end-of-life information, commercial companies and industries like healthcare, finance, banking, and more, are less stringent with their destruction instructions, with some left open to interpretation. 

Enter the DIN Standards. Also known as Deutsches Institut für Normung, DIN originated at the German Institute for Standardization in 1917 as a non-government organization that serves as the national standard when it comes to improving the rationalization, safety, environmental protection, and quality assurance between the government and the public. DIN is not often mandated but their guidelines serve as a widely accepted global standard while providing clarity to otherwise vague end-of-life information destruction mandates. 

DIN 66399 standards specifically provide end-of-life destruction particle size guidelines for information that resides on a wide range of media – including paper – and specify protection categories. (You can find more in-depth information about DIN standards here.)

Even as we get further and further into the Digital Age, there is still such a high demand for paper. Some may say that paper is dead, but we know that paper will never really be dead. While the industries I listed above are not holding government secrets, they still store a lot of their sensitive and unclassified information on paper; information that needs to be securely destroyed or could result in severe consequences if it lands in the wrong hands.

Now that you have all of this background information, let’s get into why you’re here – what constitutes a secure paper shred size?

Seven Specific Security Levels 

P = Paper media requirements

| Protection Category | Media (Paper) | Security Level | Security Level Particle Size Requirement |
|---|---|---|---|
| Class 1 | P | 1 | 12mm strips or maximum particle surface area of 2,000mm² |
| Class 1 | P | 2 | 6mm strips or maximum particle surface area of 800mm² |
| Class 1 | P | 3 | 2mm strips or maximum particle surface area of 320mm² |
| Class 2 | P | 4 | Maximum cross-cut particle surface area of 160mm² with a maximum strip width of 6mm = 6 x 25mm |
| Class 2 | P | 5 | Maximum cross-cut particle surface area of 30mm² with a maximum strip width of 2mm = 2 x 15mm |
| Class 3 | P | 6 | Maximum cross-cut particle surface area of 10mm² with a maximum strip width of 1mm = 1 x 10mm |
| Class 3 | P | 7 | Maximum cross-cut particle surface area of 5mm² with a maximum strip width of 1mm = 1 x 5mm |

Here’s what each of these security levels look like:

[Photos, each with a penny for size comparison:]
DIN Level P-2 Paper Shred
DIN Level P-3 Paper Shred
DIN Level P-4 Paper Shred
DIN Level P-5 Paper Shred
DIN Level P-6 Paper Shred
DIN Level P-7 Paper Shred
DIN Level P-7+ Paper Shred, a 50% smaller particle size than NSA mandate for paper, produced by SEM Model 344.

As you can tell based on the table and photos above, P-7 is the smallest, most secure particle size (aside from the 0.8mm x 2.5mm particle from our Model 344, which is half the size mandated by the NSA for classified paper). Essentially, the smaller the particle, the harder it is to put back together.

Why would you want to put a bunch of paper shreds back together? To get top secret information, of course! 

Allow us to introduce the DARPA Shredder Challenge. The challenge was created by a research and development agency of the U.S. Department of Defense back in 2011. The DoD invited top computer scientists and puzzle enthusiasts to essentially reconstruct paper shreds for a grand prize. 

The challenge ended when the winning team, who went by the name, “All Your Shreds Belong to US”, created an algorithm that automatically reconstructed the 10,000 pieces of paper based on various physical aspects of the shred, such as shred angle, shred size, and paper marks. Other teams used strategies ranging from crowdsourced-style methods to relying heavily on manual reconstruction. 

When it comes to end-of-life data destruction, it is always best to err on the side of caution. By opting for in-house data destruction methods, you and your company or agency are making the most cost-effective, safe, and secure decision. At SEM we have an array of high-quality NSA listed/CUI and unclassified paper shredders to meet any regulation and mandate, ensuring all of your end-of-life paper stays end-of-life. Any one of our exceptional sales team members is more than happy to help answer any questions you may have and help determine which machine will best meet your destruction needs.

Shredder Training is the Key to Maximizing the Performance and Life of your Destruction Equipment

July 11, 2017 at 1:59 pm by SEM

Shredders, disintegrators, briquettors, optical media destroyers, HDD/SSD shredders, HDD crushers and degaussers are critical components of your overall information security program. Keeping these systems in good working order is extremely important, and easy to do with proper user training.

Probably the biggest factor in the longevity of any equipment is tied to proper training in the operation, daily maintenance and preventative maintenance. Depending on your equipment and site there are programs that can train your people to operate, maintain and troubleshoot so you avoid problems and keep the equipment up and running well.

Training can be done at your site with your equipment during a scheduled PM call, on a specific scheduled visit to your site, or at a training facility where factory service reps will go over all aspects of operation, daily maintenance, and preventative maintenance, as well as tips and tricks to get the most out of your systems and avoid the pitfalls. At the beginning of the training there will be a Q & A to help identify the issues of greatest concern to the group. During the training all participants are encouraged to ask questions and will have the opportunity to get “hands on” so they thoroughly understand the material being taught. After the training and a final Q & A, each participant will be given a certificate of completion designating which equipment they were trained on. This is a great way for users to add additional value to their skill sets and company capabilities.

The training can be specialized to cover any and all the issues you may be having with your specific equipment, and discuss in detail how to fix and mitigate these in the future.

Some of the things your users will learn from attending training:

Changing knives, clearing and preventing jams, servicing dust filters, proper lubrication, testing belt tension, aligning conveyor belts, and swapping out shredder heads (depending on equipment), among many others.

The goal is maximizing machine availability for the organization and imparting the skills to help users diagnose and recognize potential issues before they become bigger problems.

An investment in a proper training program will pay dividends in equipment uptime and save your organization money in the long run.

Click here for more information on SEM’s Preventative Maintenance and Service plans or call 800-225-9293.

Benefits of Reducing Your Shredder’s Carbon Footprint

June 23, 2017 at 1:42 pm by SEM

The US Government is committed to going green. This means reducing our environmental footprint as much as possible. Utilizing renewable resources, recycling of materials, and reduced energy consumption are at the forefront in setting forth attainable goals. Additional incentives and accolades are being provided to government agencies that meet their reduction goals.

SEM is proud to do our part in conserving the environment both as a company and by manufacturing environmentally conscious GREEN products. All SEM shredders are manufactured to automatically shut down by themselves when not in use, producing zero energy consumption. Another overlooked aspect SEM is focusing on is the oil consumption of shredders.

The revolutionary 1201CC is an NSA listed paper shredder that requires no oil — ever

We all know that high security shredders require oil to operate efficiently and to prolong the life of the cutting heads. Most high security shredder cutting heads are machined out of a single piece of steel today. Without proper oiling, they will become blocked and not cut to the proper particle size. SEM has an NSA listed cross-cut shredder that doesn’t require any oil whatsoever.

The SEM Model 1201CC is used for classified destruction and requires no oiling — ever — for the life of the machine. This not only reduces the cost of ownership, but it also reduces its carbon footprint. The average life of a well-maintained shredder is ten years. Most owners spend close to $200 on average annually on oil alone. Heavy users will spend more. The savings from not purchasing oil for a single shredder could be over $2,000 over a ten year period.

The F65 is a high volume, oil-less shredder for SBU information

Another one of our green machines is our SEM Model F65 cross-cut shredder. This machine uses the same technology as the SEM Model 1201CC, but is utilized for SBU information — shredding a whopping 65 sheets at a time. This high volume unit will certainly save a lot of oil.

We at SEM are committed to our environment and strive to be innovators of environmentally conscious machines for the future. With SEM shredders, you can meet your green goals and save costs by doing so. But most importantly, you will be saving the environment for future generations.

SEM Paper Shredders Awarded Prestigious Eco-Friendly “Blue Angel” Certification

May 16, 2013 at 2:35 pm by SEM

Paper shredders manufactured for Security Engineered Machinery (SEM) by German based Krug and Priester GmbH and CO (K&P) have recently been awarded the prestigious “Blue Angel” certification. In addition to the precision and high quality typically found in German made products, these shredders are also loaded with a variety of environmentally friendly features that have earned them this highly sought-after certification.

The Blue Angel is only awarded to products and services which – from a holistic point of view – are of considerable benefit to the environment and, at the same time, meet high standards of serviceability, health, and occupational protection.

The Blue Angel is a German certification for products and services that have environmentally friendly aspects. It has been awarded since 1978 by the Jury Umweltzeichen, a group of 13 people from environment and consumer protection groups, industry, unions, trade, media and churches. Blue Angel is the oldest eco-label in the world, and it covers some 10,000 products in some 80 product categories.

To meet these eco-friendly standards, SEM shredders that are manufactured by Krug and Priester (like the Model 244/4) integrate features that reduce noise, dust and emissions, as well as an energy saving mode which draws no power after a brief period of non-use, thus maximizing energy conservation.

After the introduction of Germany’s Blue Angel in 1978 as the first worldwide environmental label, other European and non-European countries followed this example and introduced their own national and supra-regional environmental labels. The common goal of these labels is to inform consumers about environmentally friendly products thereby giving global support to product-related environmental protection.

Learn more about our paper shredders here.