How 'Spring Cleaning' Your Document Destruction Policy Can Help Safeguard Confidential Data

1. Know when to hold and when to throw

Many businesses are required by law to keep confidential client information, as well as employee or company data for a minimum amount of time. There are numerous business records that should be held on to for a minimum of seven years, which can include employee agreements, business loan documentation, litigation records, as well as general expense reports and records including overhead expenses and professional consultation fees ₂.

Other documents may be kept for shorter, longer or an indefinite period of time and it's important to know what legal requirements are enforced for your industry to not only stay compliant, but to also dispose of documents you may no longer need. Regularly maintaining filing cabinets and securely disposing of old documents can help minimize risk of sensitive information falling into the wrong hands. The risks of keeping old documents containing sensitive data can be high – resulting in identity theft, fraud and potential financial loss or reputational damage.

• Create a retention policy: Determine which documents need to be kept and for how long. Limit the number of personnel who have access to files and storage closets and practice a company-wide commitment to this practice.
• Clearly mark a destruction date: The destruction date should be clearly marked on all records that are in storage. All file boxes should contain complete lists of their contents in a visible spot on the outside of the box so it is easily identifiable.
• Hire a reliable third-party vendor for your document destruction needs that will provide you with a certificate of destruction upon completion and also provide an opportunity for this material to be recycled once destroyed
• Out with the old, in with the new. Implement document destruction processes on a regular basis. Overhauling your current disposal process with a commitment to continuously destroying confidential data in a secure manner is one of the ways to mitigate the risks associated with data breaches.

2. Here are ways you can incorporate a 'spring cleaning' mentality into your company's every day process

Paper: Don't throw old papers or files into the recycling bin. Loose paper is often unattended before it has been recycled and can leave your organization vulnerable to potential security breaches. Papers in recycling bins can be misplaced or stolen. Instead, ensure you dispose of loose paper in a secure, locked console that cannot be accessed until it is ready to be shredded by a reliable professional.

Electronic sources: Erasing disks and drives is no guarantee that the data will be wholly eliminated. Physical destruction, rendering the object unreadable by any machine is the safest option.

Shred-all: Implementing a "shred-all" policy for the disposal process when all unneeded documents are fully destroyed on a regular basis. This dramatically minimizes any potential risk or exposure.

Developing a clear set of guidelines and aligning the disposal policies throughout the business will ensure that the decision to destroy is taken out of the hands of individual employees and will minimize the risk of a data breach for the organization. Whether intentional or unintentional, leaked information can be preyed upon by criminal groups in order to commit fraud and identity theft crimes. It is important to maintain regular secure disposal of paper waste, proper organization and maintenance of stored records as well as an efficient and sound process for destroying outdated records that are no longer needed.