Shredder DIN security levels refer to what particle size a shredder shreds your material into. Certain documents and data are more sensitive than others and therefore require to be shredded into smaller pieces, ensuring it would be impossible for anyone to piece them back together again. Companies and organisations have legal requirements with regard to the safe keeping and destruction of data – and private individuals are now more aware of the need to destroy sensitive documents to avoid the risks of ID fraud.
In order to define the latest requirements for the destruction of data, a new DIN security standard has been announced by the DIN Standards Committee on Information Technology and Applications (known as NIA in Germany). This new standard is referred to as DIN 66399 and replaces the previous DIN 32757.
NIA are responsible for developing standards and safety specifications for a number of information technologies and this new shredder standard takes into account the variety of new digital media forms which may need to be destroyed or shredded (e.g. Blu-ray discs and flash memory cards).
The following information refers to the requirements for companies in the destruction of data. However, if you are a private individual wishing to shred material you can also use these as guidelines for the shredder security level you need.
Three Protection Classes
Three protection classes help to classify what level of protection you need for your data. This in turn helps you to identify what security level is appropriate for the destruction of this data.
Protection Class 1 – Normal security requirement for internal data
The unauthorised publication or distribution of data would have a negative but limited impact on the company. Protection of personal data must be ensured – otherwise there would be a risk to the position and financial situation of the persons affected.
Protection Class 2 – High security requirement for confidential data
Unauthorised distribution would have a considerable effect on the company and could violate legal obligations or laws. The protection of personal data must fulfil strict requirements – otherwise, there would be a considerable risk to the social standing and financial situation of the persons affected.
Protection Class 3 – Very high protection requirement for particularly confidential and secret data
Unauthorised distribution would have serious consequences for the company (threatening its existence) and violate trade confidentiality obligations, contracts or laws. It is essential that the confidentiality of personal data is maintained. Otherwise there is a risk to the health and safety of the affected persons or a risk to their personal freedom.
Six Media Categories
Six media categories are defined under DIN 66399. They are as follows:
P – Information in original size (e.g. paper, films, printed forms)
F – Information in reduced form (e.g. microfilms, transparencies)
O – Optical data media (e.g. CDs, DVDs, Blu-ray discs)
T – Magnetic data media (e.g. floppy disks, cards with magnetic strips)
H – Hard drives with magnetic data media (e.g. from computers and laptops)
E – Electronic data media (e.g. flash drives, digital camera memory cards, bank cards)
Seven Security Levels
The previous DIN standard had five official security levels (a sixth ‘unofficial’ level was also sometimes referred to). However the new DIN 66399 has seven levels, with security level 1 being the largest particle size and level 7 being the smallest (and therefore most secure).
Each of the three protection classes has corresponding security levels:
Protection Class 1 – Security levels 1, 2, 3
Protection Class 2 – Security levels 3, 4, 5
Protection Class 3 – Security levels 5, 6, 7
The following are the recommended security levels for paper and other material/media:
Security Level P-1 – General documents (or other media) that need to be made illegible (shredded into at least 12mm wide strips or maximum particle size of 2000 mm²)
Security Level P-2 – Internal documents (or other media) that need to be made illegible (shredded into at least 6mm wide strips or maximum particle size of 800 mm²)
Security Level P-3 – Data that is sensitive, confidential or personal in nature (shredded into at least 2mm wide strips or maximum particle size of 320 mm²)
Security Level P-4 – Data that is highly sensitive, confidential or personal in nature (shredded into a maximum particle size of 160 mm²)
Security Level P-5 – Data that is secret in nature (shredded into a maximum particle size of 30 mm²)
Security Level P-6 – Data that is secret in nature where an exceptionally high level of security is required (shredded into a maximum particle size of 10 mm²)
Security Level P-7 – Data that is top secret in nature where the strictest level of security is required (shredded into a maximum particle size of 5 mm²)
Most shredders intended for home or personal use feature a security level between P-1 to P-4. If you are an individual looking to shred your own confidential data these levels (especially the higher ones) should be suitable in the vast majority of cases. As a general guide, levels P-5 to P-7 are for businesses and government departments who have highly sensitive or secret data to shred, although many businesses will use shredders with lower security levels when the data isn't that sensitive.
The other media categories aside from paper also have their own particular recommendations for security level and particle size. The following tables detail all of these security levels. For simplicity:
- level 1 refers to general data that needs to be made illegible
- level 2 refers to internal data that needs to be made illegible
- level 3 is for confidential data
- level 4 is for highly confidential data
- level 5 is for secret data
- level 6 is for highly secret data
- level 7 is for top secret data
| P – Information in original size (e.g. paper, films, printed forms) |
| P Security Level | Max Strip Width/ Particle Size |
|---|
| P-1 |
Strip width 12mm OR 2000 mm² |
| P-2 |
Strip width 6mm OR 800 mm² |
| P-3 |
Strip width 2mm OR 320 mm² |
| P-4 |
160 mm² |
| P-5 |
30 mm² |
| P-6 |
10 mm² |
| P-7 |
5 mm² |
| F – Information in reduced form (e.g. microfilms, transparencies) |
| F Security Level | Max Particle Size |
|---|
| F-1 |
160 mm² |
| F-2 |
30 mm² |
| F-3 |
10 mm² |
| F-4 |
2.5 mm² |
| F-5 |
1 mm² |
| F-6 |
0.5 mm² |
| F-7 |
0.2 mm² |
| O – Optical data media (e.g. CDs, DVDs, Blu-ray discs) |
| O Security Level | Max Particle Size |
|---|
| O-1 |
2000 mm² |
| O-2 |
800 mm² |
| O-3 |
160 mm² |
| O-4 |
30 mm² |
| O-5 |
10 mm² |
| O-6 |
5 mm² |
| O-7 |
0.2 mm² |
| T – Magnetic data media (e.g. floppy disks, cards with magnetic strips) |
| T Security Level | Condition/Max Particle Size |
|---|
| T-1 |
Inoperable |
| T-2 |
2000 mm² |
| T-3 |
320 mm² |
| T-4 |
160 mm² |
| T-5 |
30 mm² |
| T-6 |
10 mm² |
| T-7 |
2.5 mm² |
| H – Hard drives with magnetic data media (e.g. from computers and laptops) |
| H Security Level | Condition/Max Particle Size |
|---|
| H-1 |
Inoperable |
| H-2 |
Damaged |
| H-3 |
Deformed |
| H-4 |
2000 mm² |
| H-5 |
320 mm² |
| H-6 |
10 mm² |
| H-7 |
5 mm² |
| E – Electronic data media (e.g. flash drives, digital camera memory cards, bank cards) |
| E Security Level | Condition/Max Particle Size |
|---|
| E-1 |
Inoperable |
| E-2 |
Split |
| E-3 |
160 mm² |
| E-4 |
30 mm² |
| E-5 |
10 mm² |
| E-6 |
1 mm² |
| E-7 |
0.5 mm² |
Therefore, a microfilm which would fall under media category ‘F’ that was secret in nature and needed level 5 security (i.e. level F-5) would need to be shredded to a particle size of at least 1 mm².
A hard drive which would fall under media category ‘H’ and was sensitive or confidential in nature needing level 3 security (i.e. level H-3) would need to be deformed in order to meet the new DIN requirement.
