Cable, health care and many other service providers produce documents that contain confidential information, such as individuals’ addresses, payment details and other personal information, which must be disposed of in a secure manner. PCI Group offers secure destruction of these types of documents and uses single-shaft shredders manufactured by Weima America, Fort Mill, South Carolina, to perform these services.
PCI, a family-owned private transactional direct mail company, was founded in 1970 and is headquartered in Fort Mill. PCI handles confidential information for its clients and views privacy as a crucial aspect of its business.
Handle with care
Chris Kropac, president of PCI, explains that transactional direct mail contains sensitive personal information that needs to be handled with care.
“[It is considered transactional direct mail] anytime a company is mailing personal, confidential information—so an invoice with your name on it, a health record, an insurance claim—anything that is subject to regulatory compliance,” he says. “Even things like utility bills and telecom bills contain personal information about who you are, where you live and what you spent.”
Because transactional direct mail includes information that must be kept confidential, it must be handled in a more secure way than other types of direct mail, such as advertisements, Kropac says. “We have to protect the integrity of the data from the time the customer sends it to us, all the way until it reaches its final destination, whether that be in the consumer’s hands or it be disposed of,” he says.
Destruction of information happens daily at PCI, Kropac says. The company shreds blank paper, misprints and undeliverable mail using Weima shredders.
Weima America is the U.S.-based subsidiary of the Germany-based size-reduction equipment manufacturer Weima Group GmbH & Co. KG. The company manufactures shredders and other equipment that reduce manufacturing scrap for recycling or disposal.
Weima supplies various industries, says Audrey Brewer, marketing manager at Weima America, and the company manufactures shredders that can process wood, plastic, paper and metals.
PCI began using Weima equipment in July 2015. Currently, the company operates two Weima single-shaft shredders, one at its Fort Mill location and one at its Dallas location. Single- shaft shredders produce consistent shred sizes that help ensure data remain private, Brewer says, making them the right fit for PCI.
“[PCI’s] single-shaft shredder can also be batch fed, which is ideal for them since they store, behind lock and key, anything that needs to be shredded until they have enough to run,” she says.
Kropac says PCI chose Weima equipment because of its local service, product quality and ability to respond quickly when needed.
When PCI purchased its first Weima shredder, Kropac says the company needed shredding equipment to handle an increasing volume of paper. On average, Kropac says PCI shreds about 52,000 pounds, or 26 tons, of paper per month, which equates to approximately 624,000 pounds, or 312 tons, of paper per year.
Privacy and security of confidential information is of utmost importance for PCI.
“[PCI’s] application is interesting because most people who have [Weima] machines are looking for a recycling focus and the security is just a bonus,” Brewer says. “For them, the security portion of it was extremely important. That is their ultimate focus.”
PCI has several policies in place designed to keep the documents secure throughout the destruction process. “[PCI] actually has a staging area with the materials that need to be shredded that is locked. Even while it is waiting to be shredded, it is in a secured, locked area because privacy is its No. 1 concern,” Brewer says.
“We go through a lot of policies and processes to be sure that [destruction] happens securely,” Kropac says. “When customers transfer their data to us, it is encrypted. When we have it here, it is encrypted. When it is being handled and being printed, there are security cameras so we can have oversight of what happens to that data while it is here.”
While PCI could contract with a commercial information destruction firm to shred this sensitive information, Kropac says the company prefers to do this work in-house: “For chain of custody, it is more practical to have it right here,” he says. “Remember, we have cameras everywhere. If we were to hand [the data] off to a third party, then we lose sight of it.”
In securely destroying private information, PCI complies with a number of federal regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Information Security Management Act (FISMA), as well as with industry standards, including the Health Information Trust Alliance (HITRUST), Payment Card Industry Data Security Standard (PCI DSS) and American Institute of Certified Public Accountants’ Service Organization Control Reports Standard (SOC I&II).
Kropac says another reason PCI bought Weima shredders is because they allow the company to meet “regulations that dictate the shred size of sensitive, personal identifying information.”
The European security standard for paper destruction, DIN 66399, developed by the German Institute for Standardization, provides security levels based on the particle size a shredder produces. The smaller the particle produced, the higher security. With P-1-rated shredders producing the largest particles and P-7-rated shredders producing the smallest particles, PCI shreds to a P-6 rating.
“We shred to a P-6 rating, which is recommended for data carriers [who have] unusually high security standards [that need to be] maintained,” Kropac says. “Particle sizes are less than 10 millimeters squared.”
An additional security measure PCI takes is shredding nonconfidential material along with confidential material. “[We] shred data-sensitive printed material with nonsensitive printed material to prevent reconstruction,” Kropac says.
Kropac cites consistent shred size as one of the features that PCI finds most appealing about the Weima shredders. Machine safety, durability and ease of use also are aspects of the shredders that PCI finds attractive, he says.
After the information has been destroyed, Kropac says the shredded material is compacted and marketed to recyclers through Carolina Recycling and Consulting in Fort Mill.
PCI says its clients select the firm because it has rigid protocols to protect their sensitive information.