Information Security

Paper Shredding Requirements

Under State Civil Code 1798.80-82, FERPA, and HIPAA, paper documents containing personally identifiable or confidential CSU Level 1 or Internal Level 2 information must be shredded.

Purchasing a Shredder

Departments that may shred Level 1 or Level 2 data should purchase cross-cut shredders with a minimum 1/8” strip cut X 2” cross cut. 

** Credit Card data must use cross-cut shredders.

For more information about shredder security levels see: Shredder Security Levels (PDF)

Shredding Requirements for Level 1 & Level 2 Data

Shredders used for the destruction of Level 1 & 2 data must be at least “shredder security level 3”, 1/8” x 2” Cross Cut.

On-Campus shredding of Level 1 data is available through FMS Facilities bins. 

  • CSU employees must monitor the destruction of Level 1 data.
  • Bins used for the collection of Level 1 data must be locked and inventoried.
  • Documents identified for destruction and removed from secured storage must be locked and secured until destruction.
  • Bins containing Level 1 data should not be released to individuals that do not present appropriate ID and proof of employment.
  • Appropriately shredded Level 1 documents may be recycled.

On-campus shredding of Level 1 data using unlocked Facilities bins is prohibited.