What Is DIN 66399 and What Shred Level Does Your Business Need?

DIN 66399 document shred security levels comparison
/ Uncategorized / By

When it comes to document security, not all shredding is equal. The DIN 66399 standard—developed by the German Institute for Standardization and widely adopted internationally—provides a comprehensive framework for classifying the security level of document and media destruction. For New York businesses operating in regulated industries, understanding DIN 66399 shred levels can help you choose the right level of destruction for your specific compliance requirements. Whether you are protecting patient records, financial data, or attorney-client privileged documents, the security level you choose matters.

Many businesses assume that any shredding is sufficient. In reality, strip-cut shredding—the type performed by most consumer-grade office shredders—leaves documents partially reconstructable and falls at the lowest end of the DIN 66399 security spectrum. For businesses subject to HIPAA, FACTA, GLBA, or the New York SHIELD Act, higher security levels are not just recommended—they may be legally required.

DIN 66399 document shred security levels comparison

Understanding the DIN 66399 Standard

DIN 66399 replaced the earlier DIN 32757 standard and introduced a more granular classification system that covers not just paper documents but also optical media, magnetic media, and electronic storage devices. The standard defines three material categories—paper (P), optical media (O), and magnetic and electronic media (T, E, F, H)—and within each category, assigns security levels from 1 (lowest) to 7 (highest).

For paper documents, which remain the primary concern for most New York businesses, DIN 66399 defines seven security levels (P-1 through P-7) based on the maximum particle size produced by the shredder. Learn more about the shredding process and how particle size translates into real-world security.

  • P-1: Strip cuts up to 2,000 mm²—suitable only for general internal documents with no sensitive content
  • P-2: Strip cuts up to 800 mm²—appropriate for non-sensitive internal documents
  • P-3: Particles up to 320 mm²—suitable for confidential internal documents
  • P-4: Particles up to 160 mm²—appropriate for sensitive and confidential data, the minimum recommended for most business documents
  • P-5: Particles up to 30 mm²—required for documents with particularly sensitive personal data
  • P-6: Particles up to 10 mm²—used for highly sensitive government and defense-related documents
  • P-7: Particles up to 5 mm²—the highest level, for top-secret documents requiring maximum destruction

What Shred Level Do Most Businesses Need?

For the vast majority of New York businesses, DIN 66399 P-4 provides the minimum appropriate security level for documents containing personally identifiable information (PII), financial records, and other sensitive business data. Many professional shredding companies, including those serving the healthcare, legal, and financial industries, default to P-4 or higher as their standard destruction level.

P-4 shredding produces particles no larger than 160 mm², which makes reconstruction of a complete document extremely difficult without extraordinarily sophisticated equipment and resources. For most practical purposes, P-4 shredding renders documents permanently unreadable. Explore our shredding services to learn about the security levels we offer.

  • Healthcare organizations handling PHI under HIPAA: Minimum P-4, typically P-5 recommended
  • Financial institutions subject to GLBA and FACTA: Minimum P-4
  • Legal and law firms with attorney-client privilege documents: P-4 to P-5
  • General business documents with PII: P-4
  • Government agencies with classified or sensitive records: P-5 to P-7
  • Defense contractors and intelligence-related organizations: P-6 to P-7

DIN 66399 for Electronic Media and Hard Drives

DIN 66399 extends beyond paper to cover electronic storage media. For hard drives, SSDs, USB drives, CDs, DVDs, and magnetic media, the standard defines separate security levels that describe the degree to which media must be physically destroyed. This is particularly relevant for New York businesses upgrading equipment, decommissioning servers, or disposing of old computers.

Simply deleting files or even running a data wiping software does not meet the physical destruction requirements of higher DIN 66399 security levels. Physical shredding of hard drives and other electronic media is the only method that guarantees compliance at the highest security levels. Our hard drive destruction services meet the requirements for businesses needing certified electronic media destruction.

  1. H-1 to H-5: Progressive levels of hard drive destruction, from deformation to complete pulverization
  2. E-1 to E-6: Levels for electronic components and circuit boards
  3. T-1 to T-7: Levels for magnetic media including backup tapes and floppy disks

How Professional Shredding Companies Apply DIN 66399 Standards

Reputable shredding companies in New York operate industrial-grade shredders capable of achieving P-4 and higher security levels. Unlike consumer office shredders—which typically achieve P-2 or P-3 at best—industrial shredders use multiple cutting stages to reduce documents to particles well within DIN 66399 P-4 or P-5 specifications.

When you choose a certified shredding company, you receive documentation that your documents were destroyed to the required security level. A Certificate of Destruction specifies the security level achieved, giving your business auditable proof of compliance. Contact New York Shredding to learn about the security levels we certify in our destruction process.

Choosing the Right Shred Level: A Practical Guide for NY Businesses

If you are unsure what DIN 66399 shred level your business requires, consider the sensitivity of the information you are destroying and the regulatory requirements that apply to your industry. When in doubt, opting for P-4 or higher is a safe choice for most businesses dealing with PII, financial data, or legally privileged information.

Working with a professional shredding company that understands compliance requirements in your industry is the best way to ensure you are meeting all applicable standards. Our team can help you assess your needs and recommend the appropriate service level. Visit our compliance resources for more guidance on regulatory requirements affecting document destruction.

  • Audit what types of documents your business generates and retains
  • Identify which regulatory frameworks apply to your industry
  • Match document categories to appropriate DIN 66399 security levels
  • Choose a certified shredding company that documents the security level achieved
  • Review and update your shredding policy annually as regulations evolve

Why New York Businesses Choose New York Shredding

For over a decade, New York Shredding Document Destruction, Inc. has helped businesses across New York City, Long Island, Westchester, and the Hudson Valley achieve the document security levels required by their industries. Our industrial-grade shredding equipment achieves the security levels needed for HIPAA, FACTA, GLBA, and SHIELD Act compliance, and every destruction event is documented with a Certificate of Destruction.

Whether you need scheduled shredding on a recurring basis, a one-time document purge, or certified hard drive destruction, we serve all five boroughs and surrounding areas with fast, reliable service. Request a free quote today and get your business on a shredding program calibrated to the security level your compliance requirements demand.

Ready to get started? Contact New York Shredding for a free quote, or explore our full range of shredding services.

Scroll to Top