Document Management: The Lifecycle of a Document Must Include Secure Disposal
Do you know what happens to all the confidential documents created in your workplace?
Hopefully, they’re not being tossed into recycling bins when they’re no longer needed.
While recycling paper is good for the environment and the amount of paper going to landfills has declined, according to paperrecycles.org (from about 40 million tons in 2000 to under 20 million tons in 2013), the importance of information security has now taken center stage. It is critical that workplaces adopt secure document management systems.
Using open recycling bins is not one of them.
Putting documents into open recycling bins creates a huge risk for a data breach. Information thieves are always looking for unprotected documents that may contain personally identifiable information such as Social Security numbers, names and addresses.
Recycling bins should only be used for documents – and information – that are of no consequence. But that’s not always a simple document management process to implement.
Industry experts encourage workplaces to partner with a shredding company that provides a secure chain of custody and includes locked containers for documents that are no longer needed. Once documents are deposited into the bins they cannot be retrieved – until a security trained service representative removes them for on or off site shredding.
Here are some of the reported key findings of a recent study on the Security of Document Shredding Services done by the Ponemon Institute.
One-third of respondents do not have a policy for the secure destruction of confidential documents. Without one, documents often end up in open recycling containers that provide opportunities for information thieves. For example, anyone in the office can see the information – consider that 61% of perpetrators in white-collar crimes are from inside the organization, according to this Lifecycle of a Document infographic. Bins are emptied by janitorial staff into open recycling bins outside – and at that point, sensitive information may be taken by dumpster divers. Materials are transported to a sorting facility where confidential information is still at risk for exposure and theft.
While more than half (55%) train their employees on the secure disposal of confidential documents, only 38%say they are confident that employee training helps ensure the secure disposal of confidential documents. Training is an important aspect of introducing employees to a culture of security. But there are other ways to emphasize security awareness. Establish clear guidelines and policies for the destruction of sensitive documents. Also, implement a clean desk policy as well as security audits to identify security risks – and solutions.
Nearly three-quarters of respondents believe that using outside shredding services for secure document destruction is more effective than relying on employees to properly shred and/or destroy confidential information. Industry experts also recommend a ‘shred-all’ policy so that all documents are collected and stored in locked storage bins. This eliminates risk by removing the decision-making process regarding what is and isn’t confidential. It may remove temptation too.
Among those respondents who say their organization has a policy, more than half (51%) say it does not cover the secure destruction of hard drives. A document today is as likely to be saved in electronic form as it is to be on paper. Both need to be part of a secure document management process.
Speak to your document shredding company about hard drive destruction too.