Owen was a rising star in a large financial services company. As the manager of a local bank branch, he had earned the respect of his team and the trust of his higher-ups. Owen had aspirations that went beyond his branch, and he desired to shape strategy rather than simply implement it. To do that, he needed to reach a level where the titles get weightier, the compensation gets more substantial, and the scrutiny gets more searing.
So where does paper shredding and e-waste disposal factor into all this? As you’ll soon learn, it’s doing the routine things routinely that can make or break leaders.
The Budget Strain
Owen’s bank branch had a scheduled shredding service in place. Although a seemingly unremarkable task, paper shredding for financial institutions is essential to maintaining regulatory compliance and data security. When it comes to protecting customers’ financial data, the honor system isn’t enough. Financial institutions must prove sensitive documents and electronics containing personally identifiable information (PII) have been properly destroyed after their retention periods have concluded.
Many banks produce enough paper and e-waste to merit a NAID AAA certified shredding company (like Steel City Shredding) to come weekly, biweekly, or monthly to securely shred sensitive documents, hard drives, and old electronics. The volume of paper and e-waste at Owen’s bank branch required a monthly mobile shredding service.
Then, budgets got tighter at the company. Corporate gave the directive to cut back on costs. Being a resourceful leader, Owen examined numerous ways to trim expenses in his operations. One of them was taking a second look at his scheduled shredding service plan. He made the call to adjust the timeline from a monthly shredding service to a quarterly plan.
Owen knew he was pushing the outer boundaries of sound judgment, because the longer sensitive documents and electronics sit around, the higher the vulnerability to loss or a breach of some kind. But this cost-cutting measure was just one among many. Technically, the revised plan could be interpreted as within the acceptable level of risk tolerance, but it wasn’t ideal. The Risk & Compliance Department, however, signed off on the revised shredding schedule.
The Fog of Business
On its face, nothing much changed. The mobile shredding truck still came around, albeit less frequently. Paper and e-waste disposal was still happening but not on enough of a regular basis. The decision had a subtle effect on the branch’s team members. Some noticed the change and became lax in their disposal. First, it started with some paper documents going into the regular recycling bin instead of the locked shredding containers. Hard drives and end-of-lifecycle electronics even made their way into the regular dumpster.
But it wasn’t all the time. Nor was it everybody failing to follow procedure. It was a gray area, the fog of business that blankets even the most vigilant leaders and detail-oriented team members. So, day-to-day operations hummed along and nothing came of it.
Until it did.
The Flashpoint
In another cost-control measure, Owen had to let go of a number of team members in the IT department. One didn’t take it particularly well, and he wasn’t the type to stew in silence. He, too, had taken note that some decommissioned hard drives and other electronics were not making their way into the secure storage bins that the mobile shredding trucks would collect. He took pictures of the hard drives and sent an anonymous tip to a local news station’s investigative reporter. The station decided to run a story on the bank and its alleged failures to maintain data privacy.
The emails, calls, and notifications soon dinged, ringed, and pinged Owen in a never-ending flood. Everyone in Owen’s company who mattered wanted answers: Executive Leadership, Legal, Cybersecurity, Risk & Compliance, Human Resources, Corporate Communications. Terms like “chain of custody” and “responsible collection and disposal” became the new buzzwords. Owen’s decision-making was assessed, reassessed, and assessed some more.
The Fallout
For the next few days, Owen was on call after call, explaining himself and digesting just how deep this all went. Cybersecurity had to evaluate if any customer data had actually been breached, since no one could be certain that the anonymous whistleblower hadn’t done more than simply take pictures. Human Resources had to investigate whether any current or former team members possessed the hard drives in question.
Risk & Compliance, along with Legal, had to prepare an action plan in response to inquiries from the Federal Trade Commission (FTC) and Federal Deposit Insurance Corporation (FDIC). The department also had to justify to company executives its own decision to sign off on Owen’s revised shredding services plan.
Corporate Communications sent out letters and emails that begin with the painfully familiar language to customers all over the nation.
Out of an abundance of caution, we are writing to inform you of a data security incident that may have involved some of your personal information. We take the protection and privacy of your data very seriously, and we are committed to keeping you informed about important updates regarding your information…
A company investigation determined that no data had been breached, nor had anyone unlawfully taken those hard drives. But the time, expenses, and credibility loss still stung.
Owen could breathe a sigh of relief that the worst-case scenario didn’t happen, but that didn’t mean he was breathing easy. He kept his job and position, but for the time being his upward trajectory didn’t appear as promising.
The Way Forward
Gossip is the fastest-traveling transaction in any company, and Owen was the central topic of it for the next month. A sign hung in his office that read, “The manager does things right; the leader does the right thing.” His favorite famous adage became the brunt of many jokes at his expense over the next few months throughout the company.
Owen did eventually recover his reputation and make his way further up the ladder, but he never forgot this important lesson: it’s the little things that can pull everything apart. His decision wasn’t so egregious that it was immediately noticeable. It was that his choice had a butterfly effect on his team, creating the conditions where negligent disposal of hard drives and e-waste became possible and acceptable.
This cautionary tale is based on many true-life lessons from improper shredding practices. And if you’re raising eyebrows at this fictional-yet-realistic story, you’ll be even more shocked by the following real-world case study.
Financial Giant Pays Price for Shredding Failures
In 2022, Morgan Stanley Wealth Management paid a $35 million fine to the U.S. Securities and Exchange Commission (SEC) after an investigation found the company failed to properly protect the personal data of more than 15 million customers.
According to the SEC report, Morgan and Stanley “hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers.” This lack of monitoring extended several years, as far back as 2015.
What’s worse, the moving company sold thousands of devices, including hard drives and servers, on internet auction sites. These devices contained unencrypted customer data. Morgan Stanley Wealth Management suffered significant legal, financial, and reputational repercussions as a result.
Even a multinational investment bank and financial services company like Morgan Stanley—with all the resources and expertise in the world—can get burned. No matter the size of a financial institution, it’s a target for data thieves of all kinds. So if you’re a financial firm that produces a large volume of paper and e-waste, it’s important that you create a shredding service plan.
What follows are some simple steps to avoid the failures of improper document disposal.
Partner with an Certified Paper Shredding Company
Morgan Stanley found out the hard way that you can’t trust fly-by-night operations, especially in the case of decommissioning electronics, hard drives, and servers.
So when it comes to document and e-waste destruction, you only want to work with companies like Steel City Shredding, which have a NAID AAA certification, the shredding industry’s gold standard for verifying compliance.
Additionally, Steel City Shredding is accredited by the Better Business Bureau and maintains an A+ rating. Our expert team will ensure an airtight chain of custody from start to finish, providing you with an official Certificate of Destruction, documenting the secure disposal of your sensitive records.
We also comply with all the relevant data privacy and protection laws, including:
- FACTA – Fair and Accurate Credit Transactions Act
- GLBA – Gramm-Leach-Biley Act
- GDPR – General Data Protection Regulation
- PCI DSS – Payment Card Industry Data Security Standard
- HIPAA – Health Insurance Portability and Accountability Act
Paper and e-waste shredding may seem ordinary but in the case of sensitive financial documents, it’s anything but. Because if you can’t trust those responsible for disposal, who can you trust?
Secure Shredding Derails Data Thieves
If you take your customer’s privacy and security seriously, you’ll take paper and hard drive shredding seriously. Financial institutions are particularly appealing targets for obvious reasons, chief among them being that money is a motivator unlike any other.
The leading types of personally identifiable information (PII) that can be exploited are:
- Bank statements
- Loan applications
- Client records
- Financial reports and statements
- Tax documents
- Credit card information
- Contracts and agreements
- Outdated checks
- Old credit cards
- Investment documents
- Inter-institutional paperwork
- Internal memos
- Employee records
- Payroll statements
Any financial firm faces both internal and external threats. Loan fraud, cyberattacks, credit card scams, and corporate fraud can plague even the most watchful departments. Fraud doesn’t just start online, either. The breach can begin offline, with someone accessing sensitive documents or hard drives, then manipulating that information for online, mail, and phone scams.
At Steel City Shredding, a recurring theme we stress to financial institutions is that paper and hard drive shredding is an extension of your information security and compliance programs. If your disposal isn’t buttoned up, then all your efforts beforehand can be rendered ineffective.
Human-Proof Your Document Disposal
Industrial shredding services ensure a financial institution’s chain of custody doesn’t rely on the honor system or the fragility of human nature. People forget, make mistakes, and sometimes fall prey to temptations.
By bringing in a reliable third party like Steel City Shredding, your financial institution can install tried-and-true shredding practices that protect customer and company data. Our shredding services cover the following:
- Paper documents
- Hard drives
- Solid state drives
- Laptops and computers
- Cell phones and tablets
- Printers and copiers
- Servers and networking equipment
- USB drives and storage media
- Data tapes and backup tapes
- ID badges and security cards
- Specialized physical media
Our mobile shredding trucks and industrial shredders will totally destroy all documents and electronics, so there’s no chance of data recovery in any way, shape, or form.
Shredding for Financial Firms of All Shapes & Sizes
We’re equipped to fulfill the shredding needs of many different kinds of financial institutions, including:
- Banks
- Brokerage firms
- Investment banks
- Investment companies
- Loan companies
- Mortgage companies
- Credit unions
- Insurance companies
- Payment processing firms
- Trust companies
Steel City Shredding is based in Southwestern Pennsylvania, serving clients in the Greater Pittsburgh region. Plus, we also travel to areas as far away as Erie, Altoona, Washington County, and even out of state in Wheeling, West Virginia.
In addition to secure document shredding solutions, we also help financial institutions achieve their sustainability goals. We’re proud that 100% of our shredded paper and all eligible e-waste is recycled, giving you assurance that the disposal process does not contribute to further destruction of our environment.
What Shredding Schedule Works for You?
Depending on the size of your financial institution, you may need a scheduled shredding service at regular intervals or more periodic one-time purges.
A scheduled shredding service is perfect if you have large quantities of paper documents and e-waste on an ongoing basis.
A one-time purge is great for end-of-year document purges, secure destruction after digitization projections, and corporate cleanups or reorganizations.
Regardless of your needs, Steel City Shredding can partner with you to create a custom plan. Our mobile shredding truck will come to your offices and shred on site, making the process quick, seamless, and secure.
Pittsburgh’s Most Secure Document Shredding Solution
Don’t let your paper trail become a cautionary tale. Partner with Steel City Shredding to securely dispose of documents and e-waste.
Clients in the financial sector love us not only for our secure and convenient services but also for the way we do business. The price you’re quoted is the price you’ll pay, with no hidden fees.
To discuss your shredding needs, call us at 412-496-1240 or contact us for a quote.
Note to Reader: The information found in this article is not comprehensive nor intended to serve as legal advice. For further guidance on the complexities of financial compliance, please seek legal counsel or direction from the appropriate federal and state agencies.