Data Breach Prevention: Why a Shred-it All Policy is the Best Defence
A good data breach prevention programme includes contracting the services of a trustworthy shredding company so there’s a secure process in place to destroy confidential information when it is no longer needed.
But as a government office in the UK found out, this doesn’t guarantee that all the confidential information a workplace handles is being securely destroyed.
In 2014, case files from children’s social workers employed by a county council were left in a filing cabinet that was given to a charity shop as part of an office move. Whoever was in charge of getting rid of the redundant furniture had not checked that the filing cabinet was empty and/or had not been concerned about the files that were still inside.Authorities were contacted after the shop sold the filing cabinet and the files were discovered by the new owner.
In March 2017, the Information Commissioner’s Office (ICO) reported the breach and fined the council £60,000. ICO officials said there should have been a written procedure that stipulated any storage items be checked thoroughly for personal items and information before removal from the office.
A Shred-it All Policy would have been a game changer. It is a company directive that specifies all documents are securely destroyed when they are no longer needed. The policy, in effect, embeds a process that protects confidential information and helps to change employee behaviour and make information security a mindset.
Introducing a Shred-it All Policy is a key step in preventing data breaches. Here are the different ways it will help:
- When combined with the services of a document destruction company, a Shred-it All Policy establishes secure destruction as the default for all documents.
- The policy simplifies document disposal. All employees have to do is deposit paper documents into the locked consoles that have been provided.
- The policy protects information from fraudsters. Confidential information is not allowed in waste or recycling bins, meaning the opportunity to steal documents this way will not be available to those with criminal intent.
- The policy reduces the risk of employee error in deciding whether or not information is ‘confidential’ and needs to be destroyed. There is no question about confidentiality because all paper-based information is destroyed as a matter of course.
- The policy improves compliance with data protection laws across the board. The introduction of the General Data Protection Regulation in May 2018 will bring widespread reform to existing law, including punitive fines of up to 4% of global turnover or €20m. A Shred-it All policy is a simple way to demonstrate compliance.
- It supports a culture of total security, which all organisations are encouraged to have. A Shred-it All Policy helps teach employees to commit to security as a workplace best practice and standard.
A Clean Desk Policy has become another critical way to protect confidential information in the workplace. Learn more with this free factsheet.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and data security survey.