Information Security

Having a proper document destruction plan with staff is vital.

Discussing and implementing a proper document destruction plan with employees is vital to the security and productivity of your organization.  Having a written methods and procedure outline for data destruction compliance demonstrates the importance and priority of security within your company.  Tolerating noncompliant data discarding actually endorses the action and sends a poor image to your employees and customers. 

Consequences of improper data discarding can cost your organization a great deal of money, image and reputation.   Laws now require your organization to publically disclose when information has been released and potentially exposed to public domain.  After such an event, customers are far less likely to patronize your service.

How to implement an information destruction plan.

  • The best time to discuss data protection is upon hiring.  The sooner proper procedures are explained, the safer your organization will be.  Lack of training is the single most commonly cited reason for security breaches.
  • Don’t rely on verbal direction, have a written plan outlining clear instructions for your organization’s data destruction policies.
  • Discuss the consequences of improper data disposal and how it can affect everyone in the organization.  Proper safety measures protect their best interests as well as the organization.
  • Have periodic policy reminders.  Employees are busy at their jobs and can sometimes neglect the importance of security measures.  Periodic reminders convey the message of necessity while strengthening their disciplinary practices.

Office shredders break down and are very inefficient.

If you use or have used portable office shredders you are aware of how long it takes to shred a small pile of documents not to mention the horrible noise it makes disturbing all those nearby.  Imagine having the need to shred a box full of paper and the time it would take you away from your work.  In addition, small office shredders quite often break down the more you use them, deeming them highly ineffective when used as they are supposed to.  As a result, sensitive documents pile up until the machine is fixed or replaced, or in most cases they are simply thrown out in the trash or recycling bin.  If you needed a large document purge, it would be unthinkable and almost impossible to spend the time shredding one page at a time to clean out your files.  Infoshield Security’s on-site shredding trucks can shred 5000lbs. of paper per hour.  That’s about 300 lbs. of paper in about three minutes.   Could you imagine shredding that much paper with an office machine?

Is recycling sufficient to dispose of confidential information?

Absolutely not.  Recycling sorting facilities employ unscreened, unsupervised minimum wage workers to sift through large piles of paper to separate based on quality and size of the material.  The piles of full size paper are then baled and stored for weeks or months until finally sold to paper mills for recycling.  You can easily imagine the type of exposure documents could have while going through this process.  Proper and prudent document destruction is as important as any other stage in the life cycle of a record.

The ramifications of exposure.

If sensitive documents are insecurely disposed of either via a recycling process or simply discarded to the trash, you no longer retain the rights of ownership once it’s in the hands of someone else.  In the event of an audit or litigation, these actions could be considered negligent, thus your organization can become liable for damages, not to mention the loss of good will and corporate image.

The FBI estimates that the US loses approximately 50 billion dollars per year in identity theft.
Nine out of ten US companies employ people solely dedicated to competitive intelligence.
An organization could forfeit the right to defend its trade secrets and/or proprietary technology if it fails to secure the information.

Are you protected if you have a destruction program in place, but data is uncovered by an external source?

If your company records are uncovered by an external source, you must be able to produce a file of records showing adequate security measures.  This file should contain:

  • The Certificate of Destruction report signed by authorized personnel
  • Procedures that outline the chain of custody for sensitive data such as:
    • use of intra-office secured storage containers
    • authority to order destruction such as a vendor service agreement
    • approved method of destruction

With these measures, you maintain a legal audit trail ensuring the safeguarded methods of operation