Shredding Laws

There are many laws in effect that require businesses to protect the privacy of their clients. Not knowing these laws is a mistake with legal and financial consequences, which are both easily avoidable. Breaking these laws is as easy as throwing a piece of paper in the trash. Utah Shred can help you establish the correct shredding policies, document retention, and shredding practices for your organization. Managing your document retention needs effectively can eliminate the cost of retaining documents longer than their suggested retention periods.

For your convenience, we have listed the most current suggested retention period guidelines. Please note that this is only a general guide and each state, industry, and company’s actual retention period guidelines must be determined individually.

Considerations should be made to federal and state guidelines, as well as your own operational needs. You should consult your legal advisor for a more detailed retention guide.

Described below are several of the federal laws and their requirements.


Health Insurance Portability & Accountability Act (HIPAA)


This federal law passed by Congress in 1996, and the accompanying 2002 regulation known as the Privacy Rule, applies to all health care entities and restricts how health care providers may handle and disclose personal Protected Health Information (PHI). PHI is defined as any identifiable health, medical, or demographic information that describes the individual’s personal identity. This includes, but is not limited to, name, address, phone number, e-mail, photographs, charts, tests, records, etc. In general, health care entities must ensure that only approved personnel handle protected health information and then only for purposes specified in the law and regulation.

Health Information Technology for Economic and Clinical Health (HITECH)


The Health Information Technology for Economic and Clinical Health (HITECH), enacted by the federal government in 2009, enhances and amplifies the HIPAA laws.


Fair and Accurate Credit Transactions Act (FACTA)

Effective June 2005, the Fair and Accurate Credit Transactions Act of 2003 was designed to protect consumers from the increasingly common crime of identity theft. This particular law applies to every business in America that collects customer information to ensure that the information is protected from unauthorized access or use. In addition, the Disposal Rule requires that when such information is discarded, it must be appropriately destroyed by shredding, burning, or pulverizing.


The Gramm-Leach-Bliley Act

This 1999 act was instituted to modernize financial institutions and businesses that receive personal information in the course of conducting business. This law contains the Financial Privacy Rule, which requires financial institutions to provide their clients with comprehensive privacy notices. The act also includes the Safeguards Rule, which requires most financial institutions to establish thorough standards and safeguards for the handling and disclosure of that information.


The Sarbanes-Oxley Act

This act was passed in 2002 in response to many of the corporate and security fraud violations that were making news at the time. It is extremely detailed and implements a wide range of requirements that companies must abide by. Within these rules, it is clearly defined that the “destruction, alteration, or falsification of records in federal investigations and bankruptcy,” along with the “destruction of corporate audit records,” are illegal and could possibly result in a large fine and as many as 10 years of imprisonment.


The Economic Espionage Act


This act, passed in 1996, concerns trade secrets and the theft thereof. While it is certain that you would not knowingly try to steal or sell trade secrets, the act does make it clear that large fines and possible imprisonment await any person or organization who “without authorization copies, duplicates, sketches, draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails, communicates, or conveys a trade secret.” As this applies to throwing a trade secret in a public garbage lot, shredding information related to trade secrets is extremely important. It is also cost-effective, especially considering that organizations that violate this act can be fined as much as 10 million dollars!


Red Flag Rules


This act requires financial institutions and creditors to develop and implement an identity theft prevention program in connection with both new and existing accounts. This must include reasonable policies and procedures for detecting and preventing identity theft. Financial institutions faced a mandatory deadline of November 1, 2008 to comply.

Federal Privacy Act of 1974

This law was established in 1974 to ensure that government agencies protect the privacy of individuals and businesses with regard to information held by them and to hold these agencies liable for any information released without proper authorization.


Family Educational Rights and Privacy Act (FERPA)


The Family Educational Rights and Privacy Act (FERPA) is a federal U.S. law that protects the privacy of student education records.


Business Records Retention Schedule


Utah Shred assumes no liability for the information contained therein. It is merely a guide and you are urged to consult your company’s accounting and legal consultants to review and approve your final schedule. 


Accident Reports/Claims (Settled Cases):     7 Years

Accounts Payable Ledgers And Schedules:     7 Years

Accounts Receivable Ledgers And Schedules:     8 Years

Audit Reports:     Permanently

Bank Statements:     7 Years

Capital Stock And Bond Records:     Permanently

Ledgers, Transfer Registers, Stubs Showing Issues, Record of Interest Coupons, Options, Etc:     Permanently

Charts Of Accounts:     Permanently

Checks (Cancelled Checks For Important Payments, Special Contracts, Purchase Of Assets, Payment Of Taxes, etc. Checks Should Be Filed With The Papers Pertaining To The Underlying Transaction:     Permanently

Checks (Cancelled Except Those Noted Above):     7 Years

Contracts And Leases (Expired):      7 Years

Contracts And Leases Still In Effect:     Permanently

Correspondence, General And Schedules:     2 Years

Correspondence, Legal And Important Letters:     Permanently

Correspondence, Routine With Customers/Vendors:      2 Years

Deeds, Mortgages And Bills Of Sale:     Permanently

Depreciation Schedules:      Permanently

Employee Personal Records (After Termination):     10 Years


Employment Applications:     3 Years

Financial Statements (Year-end, Other Months Optional):     Permanently

General Ledgers, Year-end Trial Balances:     7 Years

Insurance Records, Policies, etc:     Permanently

Internal Audit Reports:     7 Years

Inventory Records:     7 Years

Invoices to Customers Or From Vendors:     7 Years

IRA And Keogh Plan Contributions, Rollovers, Transfers And Distribution:     Permanently

Minute Books Of Directors, Stockholders, Bylaws & Charter:     Permanently

Payroll Records, Summaries And Tax Returns:     7 Years

Petty Cash Vouchers:     7 Years


Property Records, Including Costs, Depreciation Reserves, Year-End Trial Balances, Depreciation Schedules, Blueprints, And Plans:     Permanently

Purchase Orders:     7 Years

Receivables records:     7 Years

Safety Records:     10 Years

Sales Records:     7 Years

Stock And Bond Certificates (Cancelled):     Permanently

Subsidiary Ledgers:     7 Years

Tax Returns, Revenue Agents' Reports, And Other Documents Relating To Determination Of Income Tax Liability:     Permanently


Time Cards And Daily Reports:     7 Years

Trademark Registrations, Patents, And Copyrights:     Permanently

Voucher Register And Schedules:     7 Years


Vouchers For Payments To Vendors, Employees, etc. (Includes Allowances & Reimbursements Of Employees, Officers, etc., For Travel & Entertainment Expenses):     7 Years


First list item. Add your own content here or connect to data from your collection.


Second list item. Add your own content here or connect to data from your collection.


Third list item. Add your own content here or connect to data from your collection.


Fourth list item. Add your own content here or connect to data from your collection.


Fifth list item. Add your own content here or connect to data from your collection.


Sixth list item. Add your own content here or connect to data from your collection.


Seventh list item. Add your own content here or connect to data from your collection.

Contact Us
Office Hours
We Accept

450 East 2200 South (Wentworth Ave)

Salt Lake City, Utah 84115


Phone: 801-487-3630

Fax: 801-466-9412



​© Utah Shred 2019








We’re Closed For All Major Holidays.

8:00 AM - 5:00 PM
8:00 AM - 5:00 PM
8:00 AM - 5:00 PM
8:00 AM - 5:00 PM
8:00 AM - 5:00 PM

Discover Card
Master Card
American Express