In-Depth Guide to Federal Data Destruction Regulatory Requirements

February 21, 2020 at 4:36 pm by Heidi White

Data security encompasses all aspects of information protection and has been an integral part of federal policy since the Social Security Act of 1934 made it illegal to disclose an individual’s social security number and personally identifiable information (PII). Since then, numerous federal programs and processes specific to the privacy and security of personal, financial, health, and intelligence information have been instituted.

Fill out the form below for an instant download.

NSA vs NAID – What’s the Difference?

November 29, 2018 at 3:41 pm by SEM

There are many different types of paper shredders in the marketplace today. Paper shredders are designed and manufactured to produce a variety of security end-results, known as the shred type or “size”. When shopping around, types such as strip shredders, straight-cut models, or cross cut shredders will stop to pop up. Straight-cut models abs cross cut shredders, though still available, are rarely used in the for high end security destruction due to their lack of data security protection from too much bulk waste generated from strip shredding. When it comes to security, the smaller the particle size the better, which is why when protecting classified or confidential information cross-cut shredders rule the shredding world.

Most organizations oversee some responsibility of security destruction, such as the National Association for Information Destruction (NAID), which requires that materials be destroyed to a particle or cross-cut end result. Almost every data regulation in the U.S. includes a requirement that organizations have written data protection policies and put procedures in place to protect their information. These organizations require that data protection processes are identified; however, there are no regulations in place that dictate any specific particle size that they must meet.

The National Security Agency (NSA) has the highest standard and requirements for destroying classified materials. The NSA evaluates tests and compiles a listing of approved shredders that meet their security standards for destruction. Some government agencies and shredder companies refer to this as a level 6 shredder but the NSA does not. The NSA/CSS Evaluated Products Listing for Paper Shredders is the ultimate guide of which the entire DoD community is governed for the destruction of one’s classified paperwork. This is the highest level of security shredding, where the shred sizes must not exceed 0.8 x 4mm. The NSA /CSS EPL are updated on an annual basis where shredders are added and ratings modified based on evaluations of retesting. Older shredder models are not removed from NSA EPL.

When dealing with the destruction of any classified material you are mandated by your own security destruction regulations to follow the NSA guidelines in purchasing an approved shredder from the NSA/Evaluated Products List. Not using an approved shredder could result in a failed security inspection.

With NAID standards you are required to use a particle or crosscut shredder and to follow the same specific guidelines should you elect to contract with a commercial destruction service that is NAID certified and will adhere to those same standards.

Bottom line: Know what your data security destruction requirements are and follow in accordance to what is governing your information destruction program.