July 17, 2018

What Types of Documents Should I Shred?

A professional document shredding company uses industrial grade cross-cutting equipment so sheets of paper are reduced to confetti-like pieces that are impossible to put back together. While this kind of professional shredding process protects confidential and personal information on paper, do all employees know exactly what documents must be protected this way? 

The research on employee negligence suggests not. The 2018 State of the Industry Report on Information Security by Shred-it showed that 84% of C-Suites and 51% of small business owners admit employee negligence is one of their biggest information security risks.

But to keep information safe and sound, it is important to recognize ‘confidential’ and ‘personal’ information.

4 Types of Information that Need Data Protection

1. Personally Identifiable Information (PII)

Personally identifiable information (PII) is information that identifies, locate or contact a person in some way, such as name, address, birth date, phone number, and personal identification numbers. Identity thieves use this data to commit offenses or create new identities – and apply for loans or credit cards and file fraudulent tax returns, etc. PII is also sold to marketing firms or companies that specialize in spam campaigns.   

2. Data Protected by Privacy Laws

This includes data handled by governments, public or private organizations, and other individuals that store and use personal and confidential information of individuals. There are many privacy laws in place at different levels of government and by industry sector. In the financial sector, companies are regulated by the Gramm-Leach-Bliley Act. In health services, confidential health information is protected by the Health Insurance Portability and Accountability Act (HIPAA). One of the newest privacy laws is the EU General Data Protection Regulation (GDPR). Non-compliance of privacy laws can lead to large fines and jail time.

3. Corporate Information

Anything that may pose a risk to a company if a competitor or the general public gets a hold of it, needs to be protected. This information includes trade secrets, acquisition plans, financial data, and supplier and customer information; also, executive-level correspondence, contracts, and HR data like medical records, payroll information and performance appraisals.

4. Financial Information

Data used by an individual or company in banking, billing, and insurance must be protected. It includes credit and debit card information and data that can be used to access accounts or process financial transactions.  

How to Make Data Security a Priority in Your Organization

  • Create a culture of security throughout the workplace with reminders to protect confidential information and on-going security education at all levels.
  • Conduct a risk assessment of the workplace to identify areas of risk such as printing stations, messy desks, and exposed recycling bins. Develop policies that can help to remove the risk. For example, partner with a professional document destruction company for secure shredding services. Implement a Clean Desk Policy to help the office remain clutter-free too.
  • Put a comprehensive retention schedule in place so that documents are kept for the appropriate amount of time and then securely destroyed.
  • Experts recommend adopting a Shred-it All Policy so that all documents are destroyed when no longer needed. This will take the guess work out of what and what not to shred.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.