About Our Company - Ship-n-Destroy
- Founders Ken Miller
- Eric Flegenheimer
- SecurShred employees and their families at a company outing
- Hurricane Irene flood clean up
- Community shred events
Ship-n-Destroy is a secure online destruction company that was founded in 2011. It is a micro company of SecurShred, a document and electronic media destruction company servicing Vermont, New Hampshire, Northeast New York and Western Massachusetts. Ship-n-Destroy specializes in the secure destruction of paper as well as electronic storage media such as hard drives and backup tapes. Our secure plant is operated by SecurShred, an information destruction company that has been certified for hard drive, paper and media destruction for plant-based and mobile operation by the National Association for Information Destruction (NAID). SecurShred has been in business since 2000 and is an A-rated member of the Better Business Bureau.
The purpose of Ship-n-Destroy and SecurShred is to provide our customers with the most secure and cost-effective method of destroying sensitive information. Ship-n-Destroy was created because everyone, not just companies and organizations, has confidential data that needs to be destroyed properly. Bank statements, receipts, Social Security numbers, credit card numbers, medical files, canceled checks and even handwritten notes can end up in the wrong hands. Our goal is to make secure information destruction easy, affordable and accessible to everyone. With Ship-n-Destroy it does not matter where in the US you live. From anywhere you can go online, fill out a quote form and ship all your confidential material to our secure plant using UPS.
For larger organizations, we can assist in developing a data management system. From bulk purges to systematic file destruction, we can ensure that your firm is compliant with all state and federal mandates regarding information security.
How to Ship-n-Destroy
SecurShred complies with all state and federal privacy laws including HIPAA, FACTA, GLBA, Sarbanes Oxley, and Red Flag Rules. SecurShred also has a GSA contract.
FACTA (Fair and Accurate Credit Transactions Act)
The Federal Trade Commission (FTC) has issued a new rule that will require businesses to properly dispose of and destroy sensitive consumer data. The rule is one of several new requirements intended to combat consumer fraud and identity theft and to protect privacy, as required by the federal Fair and Accurate Credit Transactions Act (FACT Act), which was enacted in December 2003.
The new FACT Act Disposal Rule broadly covers "any record about an individual, whether in paper, electronic, or other form that is a consumer report (also known as a credit report) or is derived from a consumer report." It requires any person or company that possesses or maintains such information to take "reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal." The new rule provides examples of how to comply with the new requirements, including:
- Implementing and monitoring compliance with policies and procedures that require shredding or other forms of destruction of documents and electronic media containing consumer information.
- Contracting with a third party to properly dispose of consumer information and monitoring their performance.
Sarbanes Oxley (SOX)
Sarbanes Oxley is a United States federal law, enacted on July 30, 2002, that set new or enhanced standards for all U.S. public company boards, management and public accounting firms.
The purpose of the Sarbanes Oxley Act was to enhance corporate responsibility and financial disclosures and to combat corporate and accounting fraud. The Public Company Accounting Oversight Board (PCAOB) was also created to oversee the activities of the auditing profession.
The act does not apply to privately held companies. It contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law.
One major provision of the Sarbanes-Oxley Act is a requirement that public companies evaluate and disclose the effectiveness of their internal controls. This requirement drives the need for companies to have detailed information systems in place, including secure disposal of obsolete business records.
The Sarbanes Oxley law changed the way businesses retain records. While it does not prescribe specific business practices or how businesses should store records, it does specify how long records should be kept and which records need to be maintained. The act specifies that paper and electronic records must be kept for five years.
The act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.
Red Flag Rules
November 01, 2009 in Industry News
The National Association for Information Destruction is alerting its members that starting Nov. 1, 2009, the amendment to FACTA, called the Red Flag Rule, will go into effect. Under this amendment, every organization “that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft” is required to develop what it calls “reasonable policies and procedures for detecting, preventing, and mitigating identity theft.”
The Red Flags Rule requires an estimated 11 million businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations.
This is good news for the secure destruction industry, since NAID’s own statistics show that organizations with written data protection procedures are twice as likely to outsource their destruction requirements as those without them.
While all current data protection laws require organizations to have written data protection policies and procedures, the Red Flag Rule is specifically created to emphasize the importance regulators put on them.
To support its members, NAID has produced a draft Red Flag contract clause and language to update members’ policies and procedures. To obtain the documents, members must complete the NAID Red Flag Rule Release.
NAID has also stepped up training on the use of the Compliance Toolkit for members looking to capitalize on the opportunity created by the imminent effective dates of the Red Flag Rule and HITECH.
Gramm-Leach-Bliley Act (GLBA)
The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.
The GLB Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to "financial institutions," which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities.
HIPAA (Health Insurance Portability and Accountability Act)
SecurShred's destruction process ensures compliance with HIPAA disposal requirements.
Protecting the Privacy of Patients' Health Information
Excerpts from the HHS Fact Sheet and the HIPAA Bill
Congress recognized the need for national patient record privacy standards in 1996 when it enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law included provisions designed to save money for health care businesses by encouraging electronic transactions, but it also required new safeguards to protect the security and confidentiality of that information.
From HIPAA Regulations Safeguards: 164.518(c)
"Examples of appropriate safeguards include requiring that documents containing protected health information be shredded prior to disposal"...
SecurShred can service all federal agencies and activities in the executive, legislative and judicial branches; government contractors authorized in writing by a federal agency pursuant to 48 CFR 51.1; and mixed ownership government corporations (as defined in the Government Corporation Control Act).
The GSA-Customer Relationship
With GSA Schedules, customers have a partner in meeting their procurement needs. GSA has worked hard to award contracts to vendors who provide “fair and reasonable” pricing. GSA also works with customers to respond to the evolving marketplace and to meet the needs for new supplies and services.
Schedules also enable compliance with federal procurement regulations as well as environmental and socioeconomic requirements, providing a simplified process for obtaining commercial supplies and services.
GSA Contract # GS-25-00195
Resources:
FACTA - www.ftc.gov
GLBA - www.banking.senate.gov
GSA - www.gsaadvantage.gov
HIPAA - www.hipaa.com
Red Flag Rules - www.securshred.com
Sarbanes Oxley - www.securshred.com