May 22, 2017
A good data breach prevention programme includes contracting the services of a trustworthy shredding company so there’s a secure process in place to destroy confidential information when it is no longer needed.
But as a government office in the UK found out, this doesn’t guarantee that all the confidential information a workplace handles is being securely destroyed.
In 2014, case files from children’s social workers employed by a county council were left in a filing cabinet that was given to a charity shop as part of an office move. Whoever was in charge of getting rid of the redundant furniture had not checked that the filing cabinet was empty and/or had not been concerned about the files that were still inside.Authorities were contacted after the shop sold the filing cabinet and the files were discovered by the new owner.
In March 2017, the Information Commissioner’s Office (ICO) reported the breach and fined the council £60,000. ICO officials said there should have been a written procedure that stipulated any storage items be checked thoroughly for personal items and information before removal from the office.
A Shred-it All Policy would have been a game changer. It is a company directive that specifies all documents are securely destroyed when they are no longer needed. The policy, in effect, embeds a process that protects confidential information and helps to change employee behaviour and make information security a mindset.
A Clean Desk Policy has become another critical way to protect confidential information in the workplace. Learn more with this free factsheet.