Document Destruction: The Secure Lifecycle of a Document
Are there still open recycling bins for paper in your office?
There shouldn’t be.
While recycling paper is an important part of a sustainability program, leaving confidential information exposed this way dramatically increases the risk of a data breach. Recycling bins are a major source of white collar crime.
In fact, 78% of respondents in the Ponemon Institute’s The Human Factor in Data Protection Research Report said their organizations have experienced a data breach as a result of malicious or negligent employees or other insiders. The 2012 report also showed that 68% of security ‘mishaps’ occurred because employees don’t shred paper documents.
Recycling bins increase the risk of data breaches occurring outside of the office too. The contents of indoor recycling bins are dumped into a larger recycling bin outside – and any confidential information becomes available to a dumpster diver and other identity thieves.
Eventually, materials are trucked to a recycling facility – and who knows how many people sift through exposed documents along the way.
But privacy laws and legislation stipulate that all sensitive information must be securely managed and handled at every stage.
Information security must become a part of best practices. For example, experts recommend a disposal policy where all paper (and storage media) is securely protected and destroyed when it is no longer needed. Employees should be educated about policies and procedures.
Here is a step-by-step guide to ensuring the secure lifecycle of a document.
Creation: A document is generated and printed.
Usage: Employee access to confidential data is restricted, based on specific business needs of specific categories of personnel. (Employees are trained on information security best practices and never leave sensitive papers unattended on their desks, adhere to a Clean Desk Policy, and lock file cabinets and doors at the end of the day.) Any sensitive information that is shipped using outside carriers is inventoried and tracked.
Storage: A retention schedule based on legal regulations is determined for each type of document. Documents are labeled (by what they contain and when they must be destroyed) and securely stored – locked in a data room or file cabinet.
Destruction: A document destruction partner provides locked containers in the workplace so employees only have to put documents inside. Experts recommend a shred-all policy so that all documents are sent for secure destruction (this simplifies the process and removes the risk of employee error in determining what is or isn’t ‘confidential’). Security-trained personnel remove contents from the consoles on a regular basis and shred the documents using a cross cut shredder. A certificate of destruction is issued after every shred.
Recycling: Shredded paper is sent for recycling by the document shredding company, and the waste paper is turned into recycled paper products. Watch this video about the environmental benefits of shredding paper.
Learn more about why your workplace recycling bins are a major source of white collar crime.