January 27, 2015
Are you a hoarder when it comes to business documents? Are your filing cabinets and drawers overflowing with paper? Do you store electronic devices such as hard drives and laptops containing confidential documents after they are no longer needed?
If you answered yes to any of these questions then it’s definitely time for you to reconsider your workplace document retention policy. And you’re not alone.
Poor handling of information by the British Transport Police (BTP) is putting the safety of the public and the police at risk, according to a report by the BBC earlier this month.
A whistleblower told the news service that the BTP has some 10,000 boxes of personal information in storage, dating back at least eight years. A similar number of intelligence reports stored electronically were to be deleted but are still on the system, the report said.
Also this month, the ICO issued a warning to shoe retailer Office after a hack into a historical database exposed the personal information of over one million customers. Not only was the information unencrypted but it was stored on a less secure server outside the company’s core server infrastructure.
A clear document retention policy is the best way to ensure that the confidential information of your customers, employees and other stakeholders is protected. Without this in place, organisations of all sizes risk the legal, financial and reputational damage of a security breach.
Although there are no specific minimum or maximum periods for retaining personal data under the Data Protection Act, the legislation does set standards that you must meet before you can use (or ‘process’) this information.
The DPA is governed by eight principles and particularly relevant to document retention are principles 3, 4 and 5, which outline your responsibility for ensuring any personal data you hold is adequate, relevant, accurate, up-to-date and not excessive, and that any data shall not be kept for longer than is necessary for the purpose it was collected in the first place.
Here are some tips for putting a document retention policy in place:
Shred-it has developed this guide to document retention which suggests some recommended minimum retention periods for various types of documents.