Data Breach Prevention: Why a Shred-it All Policy is the Clincher
A good data breach prevention program includes contracting the services of a trustworthy shredding company so there’s a secure process in place to destroy confidential information when it is no longer needed.
But as a government office in the U.K. recently found out, this doesn’t guarantee that all the confidential information a workplace handles is being put into the locked consoles to be destroyed.
In 2014, case files from children’s social workers employed by the Norfolk County Council were left in a filing cabinet that was shipped to a secondhand shop as part of an office move. Whoever was in charge of getting rid of the redundant furniture had not checked that the filing cabinet was empty and/or had not been concerned about the files that were still inside. Authorities were contacted after the store sold the filing cabinet and the files were discovered by the new owner.
This past March, the Information Commissioner’s Office (ICO) reported the breach and fined the Norfolk County Council £60,000 ($77,466 U.S. dollars). ICO officials said there should have been a written procedure that stipulated any storage items be checked thoroughly for personal items and information before removal from the office.
A Shred-it All Policy would have been a game changer. It is a company directive that specifies all documents are securely destroyed when they are no longer needed. The policy prevents employees from having to decide what should or shouldn't be shredded. This creates a process that protects confidential information and helps to change employee behavior and make information security a mindset.
A Shred-it All Policy is a particularly good starting point for companies that are not sure how to prevent a data breach. Here are the different ways it will help:
- When combined with the services of a document destruction company, a Shred-it All Policy establishes secure destruction as the default for all documents.
- The policy simplifies document disposal. All employees have to do is deposit paper documents into the locked consoles that have been provided.
- The policy protects information from both inside and outside fraudsters. Confidential information is not allowed in garbage cans or open recycling containers. The opportunity to steal documents this way will not be available to insider fraudsters and dumpster divers.
- The policy reduces the risk of employee error in deciding whether or not information is ‘confidential’ and needs to be destroyed. There is no question about confidentiality because all information is destroyed as a matter of course.
- The policy improves compliance with privacy laws across the board. In the U.K. and Europe, the Data Protection Act protects personal information (the General Data Protection Regulation (GDPR) will replace it next year). In the U.S., there are state, county and municipality privacy laws, specific industry laws (health, financial, etc.), and the Fair and Accurate Credit Transactions Act (FACTA), which protects consumers. In Canada, privacy laws include the Personal Information Protection and Electronic Documents Act (PIPEDA).
- It supports a culture of total security, which all organizations are encouraged to have. A Shred-it All Policy helps teach employees to commit to security as a workplace best practice and standard.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.