April 03, 2017

What to Shred and What to Keep

The new financial year is a great time for companies and individuals to review all of their paperwork and stored documents, and to securely dispose of printed information that is no longer needed, according to their document retention policy.

While the 2016 State of the Industry Report by Shred-it showed a growing awareness among C-Suites and small business owners (SBOs) about the legal requirements of storing and disposing of confidential data, 35% of SMEs still think lost or stolen information wouldn’t have a serious impact.

But lost or stolen information can increase the risk of a data breach, and there can be significant fines for non-compliance. Organising and disposing of old paperwork will also improve the overall efficiency of a workplace.

Not sure what documents to keep?  

Businesses are required by law to keep confidential client, employee, and company data. The types of documents that are typically regulated include financial records as well as business contracts and other formal company documents, accounting records, personnel files, purchasing and sales documents and insurance documents.

Retention periods begin after the termination of the item and vary by country and according to the type of document and the related legislation. For example, payroll records must be stored for 6 years while job application records must be kept for at least 6 months. 

Regulatory authorities such as the Information Commissioner Office (ICO) provide current requirements.   

What documents should be shredded?

  • Documents past the minimum retention period: Holding documents longer than necessary increases the risk of a data breach and of non-compliance. According to the Data Protection Act documents should be securely shredded to ensure irreversible destruction.
  • Documents that have been converted to digital files: Some businesses are using electronic accounting software programs or other electronic systems to scan and organise records. The program or system should meet basic record-keeping requirements that apply to hard copy books and records.
  • Post-it notes and other scraps of information: Writing passwords and other confidential information on post-it notes or scraps of paper is a common habit – and not recommended. Keeping information this way increases the risk of a data breach. 
  • Non-solicited credit card and insurance offers, and other junk mail: Any documents that include names, addresses, and other private information should be securely destroyed.  A Shred-it all Policy is a good way to make sure all documents are destroyed when no longer needed.

For the secure destruction of data, partner with a document destruction company that has a chain of custody and provides secure shredding services. The company should have the knowledge and expertise to tailor document destruction services across all industry sectors. It should also provide a Certificate of Destruction after every shred.

Check Shred-it’s records retention guidelines for more information on which documents to shred and which to keep.