How to Choose a Shredding Company in New York: What to Look For Before You Sign

Identity theft remains one of the most prevalent financial crimes in New York, and businesses — not just individuals — are often both victims and unwitting enablers of identity theft through inadequate document disposal practices. New York State has enacted some of the nation’s strongest consumer protection laws targeting identity theft, and those laws create real legal obligations for businesses operating in the state. For New York employers, landlords, retailers, healthcare providers, and professional service firms, understanding your business obligations for identity theft prevention in New York through proper document disposal is both a legal necessity and a competitive advantage in building customer trust.

This guide walks through New York’s identity theft prevention laws, what they require from businesses regarding document disposal, and how a certified shredding program satisfies your legal obligations while protecting your customers, employees, and the business itself from the devastating consequences of identity theft incidents.

New York’s Identity Theft Prevention Legal Framework

New York has developed a comprehensive set of laws designed to prevent identity theft and protect consumers. Several of these laws directly impose document disposal obligations on businesses:

• New York General Business Law Section 399-h — Requires businesses to properly dispose of records containing personal information when those records are no longer needed; defines acceptable disposal methods including shredding, burning, and electronic erasure
• New York SHIELD Act (General Business Law Section 899-bb) — Requires businesses that own, license, or maintain computerized data with private information to implement reasonable safeguards including secure disposal
• New York General Business Law Section 380-j (Credit Reporting) — Limits how long certain financial information can be retained and requires proper disposal when retention periods expire
• Identity Theft Prevention and Mitigation Programs — Many New York industries have specific identity theft prevention programs imposed by state and federal regulators

These laws create overlapping obligations for most New York businesses. Visit our compliance page for more information on document security laws affecting New York businesses.

What New York Law Requires for Personal Information Disposal

New York General Business Law Section 399-h is particularly direct in its requirements. The law applies to any person or business that maintains records of personal information and must dispose of those records when they are no longer needed. Key provisions include:

Covered information: Any records containing personal information, defined as name plus any of the following: Social Security number, driver’s license or ID number, account number, credit or debit card number.

Required disposal methods:

• Shredding — using a cross-cut shredder that makes records unreadable and undecipherable
• Erasing — permanently deleting electronic records so they cannot be recovered
• Modification — otherwise making records unreadable or undecipherable

Prohibited disposal: The law explicitly prohibits disposing of records containing personal information in a manner that makes them accessible to the public, including placing them in a trash can or recycling bin without shredding.

Penalties: Violations can result in civil penalties of up to $100,000 per incident plus actual damages and attorney’s fees. The New York Attorney General has enforcement authority.

The Business Risk: Beyond Legal Penalties

While the legal penalties for improper document disposal are serious, the broader business consequences of enabling identity theft through poor disposal practices can be even more damaging:

• Civil lawsuits — Identity theft victims can sue businesses whose improper disposal contributed to their harm, seeking actual damages, punitive damages, and attorney’s fees
• Reputational damage — News coverage of a business whose discarded documents led to customer identity theft can be catastrophic in New York’s competitive market
• Regulatory investigations — A single incident can trigger investigations from multiple agencies, including the NY Attorney General, FTC, and industry-specific regulators
• Employee identity theft — Businesses that don’t properly dispose of employee records put their own workers at risk, creating HR and legal liability
• Business identity theft — Improperly discarded corporate documents can be used to commit business identity theft, opening fraudulent lines of credit or filing fraudulent tax returns in your company’s name

NY Identity Theft Law and Shredding: Specific Business Scenarios

Let’s look at how New York identity theft law shredding requirements apply in specific common business situations:

Employers and HR departments:

• Job applications containing SSNs must be shredded after the retention period expires (generally 1-3 years for unsuccessful candidates)
• Background check results must be shredded; they cannot simply be filed away indefinitely
• Terminated employee records containing personal information must be securely destroyed after meeting applicable retention requirements

Landlords and property managers:

• Tenant applications containing SSNs, credit information, and income documentation must be shredded after rejection or tenant move-out
• Lease renewal documents containing personal information must be properly disposed of

Medical practices:

• Patient intake forms, insurance cards, and billing records containing personal and financial information are subject to both HIPAA and NY identity theft law requirements

Retailers:

• Any paper records of credit card transactions, layaway agreements, or store credit applications containing personal information must be shredded

New York Data Breach Prevention Through Document Shredding

Proper document shredding is one of the most cost-effective forms of New York data breach prevention available to businesses. Physical document breaches — dumpster diving, theft of unshredded records, improper disposal — remain a significant cause of identity theft incidents in New York, despite the focus on cyber threats.

A comprehensive shredding program for your New York business includes:

1. Locked collection consoles throughout your office for secure collection of documents awaiting shredding
2. Regular scheduled shredding pickups on a frequency appropriate to your business volume
3. One-time purge services for clearing out old records files
4. Hard drive and electronic media destruction for digital records
5. Certificates of Destruction for every shredding event

Contact New York Shredding today to build a document disposal program that protects your customers, employees, and business from identity theft. We serve businesses throughout New York City, Long Island, Westchester, and the Hudson Valley. Explore our full range of services to find the right solution for your business.

Why New York Businesses Choose New York Shredding

For over a decade, New York Shredding Document Destruction, Inc. has helped businesses across New York City, Long Island, Westchester, and the Hudson Valley protect their sensitive information through certified, HIPAA-compliant shredding services. Our industrial-grade shredding equipment, locked on-site consoles, and Certificate of Destruction give your business the proof it needs for any compliance audit.

Whether you need scheduled shredding, a one-time purge, or hard drive destruction, we serve all five boroughs and surrounding areas with fast, reliable service. Request a free quote today and get your office on a shredding schedule that keeps you protected year-round.

Ready to get started? Contact New York Shredding for a free quote, or explore our full range of shredding services.