Security breach? It'll never happen to me: Document Destruction Policy

1. Being compliant - is your business aware of legal data security policies?

Ensuring that an organisation is compliant with legal requirements regarding data destruction policies is a basic necessity for any business but the research highlighted that that over a fifth (22 per cent) of firms classify themselves as either 'not at all aware' or 'not very aware' of their legal responsibility to keep secure confidential information relating to staff and customers.

So what can British organisations do to increase their awareness around legal data security policies? Some first steps to consider are:

• Stay informed – country legislation can change – a great resource is the Information Commissioner's Office’s site.
• Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
• Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
• Limit the number of people who handle confidential documents. Be careful when hiring new employees. Perform full reference checks and background checks and, where warranted, ask your new hires to sign confidentiality agreements.
• Demonstrate a top-management commitment to the total security of your business and customer information.

2. Implementing document destruction policies and protocols

Just half (48 per cent) of firms polled were able to confirm that they had undertaken a review of their secure document destruction processes during the last 12 months and, remarkably, a further 37 per cent conceded that they had either never reviewed these processes (21 per cent) or did not know when or if a review had been undertaken.

In order to avoid the risk of a data security breach it is important that small organisations implement information security policies and protocols:

• Introduce a “shred-all” policy that means all unneeded documents are fully destroyed on a regular basis.
• Conduct a periodic information security audit.
• Don’t overlook hard drives on computers or photocopiers. Erasing your hard drive does not mean that the data is gone. Physical hard drive destruction is proven to be the only 100 per cent secure way to destroy data from hard drives.
• Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements etc. Finding a vendor that provides you with a certificate of destruction upon completion is ideal.

3. 3. Training your employees on document destruction procdures

Ensuring that an organisation is compliant with legal requirements regarding data destruction policies is a basic necessity for any organisation and the research found that more than two thirds of British SMEs 68 per cent either never train their employees on company information security procedures and protocols (30 per cent), or do so only on an ad hoc basis (38 per cent).

Safeguarding data does not need to be an onerous task and there are simple steps any organisation of any size can take to minimise its risk factor. These include:

• Securely shredding confidential data - not simply placing it in recycling bins.
• Having a locked confidential paper receptacle in your office will ensure that no one has access to sensitive documents after they have been disposed.
• Limit physical access to storage closests and online access to sensitive or confidential files

By taking such steps and regularly reviewing security policies, organisations large and small can protect themselves from the significant long-term impact of a data breach. If staff are not aware that there are policies and procedures in place, mistakes may occur, which could prove potentially fatal to the future of the business.