Employee personally identifiable information (PII) is filled with critically private and personal information, such as financial information, healthcare information if provided by the employer, pay stubs, addresses and phone numbers, and more, so it should always be destroyed with the utmost care.
Before we get to how not to destroy these types of files, it’s important we discuss how long you should keep them for. When it comes to personnel records, retention periods can vary. For instance, the Department of Labor Correspondence and the Internal Revenue Service (IRS) require any financial statements, documents from the IRS and Department of Labor Correspondence themselves, and plan and trust agreements to be kept three to four years, or even longer depending on the case.
However, when it comes to normal employee files, applications, contracts, and other employee personal information, they should be kept for two to three years from the date of termination. What about their compensation documentation? Keep these on file for three to five years from the termination. (This is important to remember!)
Now, let’s get to the fun part – the destruction!
Ripping Up
While ripping paper into confetti-sized pieces can be a great way to relieve some stress, we don’t necessarily recommend this tactic when getting rid of your most recent fire’s employee file. Even if you weren’t too crazy about your coworker, if not destroyed with high security end-of-life destruction equipment, their information could easily fall into the wrong hands, and your coworker could be the next to fall victim to identity theft – which nobody deserves. Don’t believe us? Take for instance the DARPA Shredder Challenge, where people quite literally competed to reassemble 10,000 shred particles for a large grand monetary prize. While the average person would much rather do anything else than spend 600 hours putting shred pieces back together, the same cannot be said for hackers and thieves; if it’s going to grant them access to your most sensitive information, then chances are they will rise to the occasion!
Recycling and/or Throwing Away
While we support the green initiative in wanting to recycle end-of-life PII documents, unfortunately this isn’t possible. Again, if it’s not a good idea to rip up your employee’s files, it’s not safe to simply throw it out or recycle. Sadly, the majority of our waste and recycling ends up in landfills and dumpsters which are typically gold mines for hackers and thieves. In addition, recycling and waste are not always transported securely, which makes it easy for people to intercept and have access to your most private and identifiable information.
It is always best to err on the side of caution when it comes to end-of-life data destruction. When it comes to specifically destroying employee files, it is best practice to use a secure, in-house method, like our Model 244/4 high security paper shredder.
The Model 244/4 is our most popular high security paper shredder. Why? This solution is NSA evaluated and listed by the NSA/CSS EPL and meets DIN 66399 Level P-7 standards. Our 244/4 provides a rugged performance with an NSA one hour durability of 17 reams per hour while encased in a quiet system, making it the perfect choice for small or mid-size department use.
Want even more security? Our Model 344 offers an even more secure shred size than the current mandate for the National Security Agency (NSA) requires. We like to call the 344’s final particle size as P-7+. This device is the only high security paper shredder on the market that offers a particle size of 0.8mm x 2.5mm (that is 50% smaller than the current National Security Agency requirement!)
By adopting a shredding policy, you are making the most cost-effective, safe, and secure decision to take preventative measures to ensure that your past and current end-of-life employee information does not fall into the wrong hands.