The Department of the Navy's Information Technology Magazine Notify Me of New Issue
Email this Article Email   

CHIPS Articles: Which Paper Shredder Should I Use?

Which Paper Shredder Should I Use?
By Steve Muck and Steve Daughety - October-December 2012
The Department of the Navy Chief Information Officer (DON CIO) Privacy Office receives frequent inquiries regarding paper shredding as a means of destroying unclassified documents containing personally identifiable information (PII). Some commonly asked questions include:
  • Which shredder should I purchase?
  • Should I use a straight cut or cross cut shredder?
  • What are the DON policy requirements?
  • How small is small enough with regard to shredder residue?
  • Where can I find a list of approved shredders?
  • Can I use a shredder service?

Paragraph 8.b. (1) of Secretary of the Navy Instruction (SECNAVINST) 5211.5E, Department of the Navy Privacy Program, states:

“Disposal methods are considered adequate if the records are rendered unrecognizable or beyond reconstruction (e.g., tearing, burning, melting, chemical decomposition, burying, pulping, pulverizing, shredding, or mutilation).”

The key words are: “rendered unrecognizable or beyond reconstruction.”

While there is no DON policy specifying the type of shredder to use, it is highly recommended and considered a best practice to always use a cross cut shredder. There have been cases involving straight cut shredders where the resulting paper strips could be pieced together to reconstruct privacy sensitive information. In one case, the straight cut shredder residue corresponded to the actual rows of a spreadsheet. As a result, none of the PII had been destroyed. DON policy does not address shredder residue size. As a best practice, refer to the National Institute of Standards and Technology (NIST) Special Publication 800-88, “Guidelines for Media Sanitization: Recommendations of the National Institute of Standards and Technology,” issued September 2006, which states:

“Destroy paper using cross cut shredders which produce particles that are 1 x 5 millimeters in size (reference devices on the NSA paper Shredder EPL), or to pulverize/disintegrate paper materials using disintegrator devices equipped with 3/32-inch security screen (reference NSA Disintegrator EPL.).”

The National Security Agency (NSA) Evaluated Products Lists (EPL) for shredders can be found at www.nsa.gov/ia/_files/government/MDG/NSA_CSS-EPL-02-01-Z.pdf.

An alternative to purchasing a shredder is to contract with a General Services Administration (GSA) approved shredder service. With increased public awareness regarding the threat of identity fraud, availability and use of shredder services continue to increase. Benefits of using a shredder service include:

  • Shredder services decrease labor hours and physical space disposal requirements;
  • Mobile services allow documents to be shredded on-site or to be taken away to be destroyed;
  • Certificates of destruction are issued to verify disposal;
  • Bulk disposal is extremely efficient; and
  • GSA approved shredder services are considered secure and in compliance with DON policy, and NIST and NSA guidelines.

While shredding is arguably the safest means of disposal, the use of burn bags remains a viable option. Regardless of the method of destruction, the creation of documents containing sensitive personal information should be avoided or minimized to the greatest extent possible.

Remember, the choice of a shredder must make paper documents containing PII unrecognizable or beyond reconstruction. DON policy does not specify specific particle size requirements, but a best practice states that particles should be 1 X 5 mm or smaller. Other disposal options are available and should be evaluated to determine what is best for the specific needs of your office.

Visit the DON CIO website at www.doncio.navy.mil and search “shredder” for information, tips and best practices.

Steve Muck is the Department of the Navy privacy lead.

Steve Daughety provides privacy policy support to the Department of the Navy.
Related CHIPS Articles
NSA Releases Cybersecurity Guidance “Selecting and Safely Using Multifactor Authentication Services”
JAIC facilitates first-ever International AI Dialogue for Defense
FBI Announces Strategy to Combat Cyber Threats and Impose Greater Costs to Cyber Actors
SECNAV Memo Delineates Defense Industrial Base Executive Steering Committee Charter and Members
The Cutting Edge of Defense
Related DON CIO News
Call for Nominations: 2021 DON IT Excellence Awards
Modernize, Innovate, and Defend Enabled by DON Data and Workforce
DON IT Conference, East Coast 2020 to be Held Virtually
A Message to the DON Community from Christopher P. Cleary, DON Chief Information Security Officer
DON IT Conference West Coast 2020 by the Numbers
Related DON CIO Policy
Destruction of Electronic Storage Media
Authorized Telework Capabilities and Guidance
Force Health Protection Guidance (Supplement 8) - DoD Guidance for Protecting Personnel in Workplaces during the Response to the Coronavirus Disease 2019 Pandemic
DON Privacy Program
DoD Privacy Impact Assessment Guidance

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer