Document Lifecycle Must Include Secure Disposal
Do you know what happens to all the confidential documents created in your workplace?
Hopefully, they’re not being thrown into recycling bins when they’re no longer needed.
While recycling paper is good for the environment and the amount of paper going to landfill has declined, with an estimated 78% of the UK's waste paper being recycled according to letsrecycle.com, the importance of document security has now taken centre stage. The average UK office worker uses 6,000 sheets of paper per year, so it is critical that workplaces adopt secure systems for document disposal.
Using open recycling bins is not one of them.
Putting confidential waste documents into open recycling bins creates huge risk of a data breach. Information thieves are always looking for unprotected documents that may contain personally identifiable information such as bank details, names and addresses.
Recycling bins should only be used for documents – and information – that are of no consequence. But that’s not always a simple document management process to implement.
Industry experts encourage workplaces to partner with a shredding company that provides a secure chain of custody and includes locked containers for documents that are no longer needed. Once documents are deposited into the bins they cannot be retrieved – until a security trained service representative removes them for on or off site shredding.
Here are some of the reported key findings of a study on the Security of Document Shredding Services carried out by the Ponemon Institute.
- One-third of respondents do not have a policy for the secure destruction of confidential documents. Without one, documents often end up in open recycling containers that provide opportunities for information thieves. For example, anyone in the office can see the information – consider that almost half of frauds against the private sector involve someone from inside the organisation, according to this Lifecycle of a Document infographic. Bins are emptied by caretaking staff into open recycling bins outside – and at that point, sensitive information may be taken by anyone. Materials are transported to a sorting facility where confidential information is still at risk of exposure and theft.
- While more than half (55%) train their employees on the secure disposal of confidential documents, only 38%say they are confident that employee training helps ensure the secure disposal of confidential documents. Training is an important aspect of introducing employees to a culture of security. But there are other ways to emphasise security awareness. Establish clear guidelines and policies for the destruction of sensitive documents. Also, implement a clean desk policy as well as security audits to identify security risks – and solutions.
- Nearly three-quarters of respondents believe that using outside shredding services for secure document destruction is more effective than relying on employees to properly shred and/or destroy confidential information. Industry experts also recommend a ‘shred-it all’ policy so that all documents are collected and stored in locked storage bins. This eliminates risk by removing the decision-making process regarding what is and isn’t confidential. It may remove temptation too.
- Among those respondents who say their organisation has a policy, more than half (51%) say it does not cover the secure destruction of hard drives. A document today is as likely to be saved in electronic form as it is to be on paper. Both need to be part of a secure document management process.
Speak to your document shredding company about hard drive destruction too.