April 06, 2015

Don’t Get Caught on the Hop – Spring Clean your Document Destruction Policy

It’s the time of year when the Easter Bunny makes a visit, hiding Easter eggs in places the children can never find (come on Dad, they just aren't tall enough to reach the top of the Grandfather clock!), leading to tantrums and meltdowns that only eating their body weight in chocolate can put right.

It’s also the time of year when you might be thinking of having a Spring clean in the office, particularly at year-end when you may have a scheduled clear out of old documents held in storage. However it’s important to have a clear document destruction policy in place to avoid any tantrums and meltdowns that require more than chocolate to remedy.  

“Spring cleaning” your document destruction policy and having a security checklist can help your company comply with regulation when disposing of sensitive information. Security firm Symantec has shown that 31% of all data breaches are a result of negligence, providing evidence that there is a lack of awareness of the need to implement such procedures for employees to follow.

Businesses should ensure that old, outdated and unwanted sensitive information is securely destroyed. Doing so will help organisations reduce the potential risk of a data breach, resulting in fraud or identity theft of the company itself or its customers.

Know when to store and when to shred

Here are some tips for how your company can implement information security best practices for employees to follow:

  • Create a retention policy. Determine which documents need to be kept and for how long. Limit the number of personnel who have access to files and storage areas and ensure a company-wide commitment to this practice through regular education and auditing.
  • Clearly mark a destruction date. The destruction date should be clearly marked on all records that are in storage. All file boxes should contain complete lists of their contents in a visible place on the outside of the box so it is easily identifiable.
  • Hire a reliable secure destruction partner.  If you decide to outsource your document destruction make sure the company you choose is secure (EN15713 accreditation and BS7858 security vetting of staff are a good indicator of this), will provide you with a certificate of destruction and recycle the material once destroyed.
  • Out with the old, in with the new. Implement document destruction processes on a regular basis. Overhauling your current disposal process with a commitment to continuously destroying confidential data securely, as opposed to stockpiling, is one of the ways to mitigate the risks associated with data breaches.

Incorporate a 'spring cleaning' mentality into your everyday processes:

  • Paper: Don't throw old papers or files into the recycling bin. Loose paper is often unattended before it has been recycled and can leave your organisation vulnerable to potential security breaches. Papers in recycling bins can be misplaced or stolen. Instead, ensure you dispose of loose paper in a secure, locked console that cannot be accessed until it is ready to be shredded by a reliable professional.
  • Electronic sources: Erasing disks and drives is no guarantee that the data will be wholly eliminated. Physical destruction, rendering the object unreadable by any machine is the safest option.
  • Shred-all: Implementing a "shred-all" policy for the disposal process when all unneeded documents are fully destroyed on a regular basis. This dramatically minimises the potential risk of exposure.

Check out our security checklist for more simple information security and document destruction best practices.