
Many businesses are required by law to keep confidential client information, as well as employee or company data for a minimum amount of time. There are numerous business records that should be held on to for a minimum of seven years, which can include employee agreements, business loan documentation, litigation records, as well as general expense reports and records including overhead expenses and professional consultation fees 2.
Other documents may be kept for shorter, longer or an indefinite period of time, and it's important to know what legal requirements are enforced for your industry to not only stay compliant, but to also dispose of documents you may no longer need. Regularly maintaining filing cabinets and securely disposing of old documents can help minimize the risk of sensitive information falling into the wrong hands. The risks of keeping old documents containing sensitive data can be high, resulting in identity theft, fraud and potential financial loss or reputational damage.
Here are some tips for how your company can implement organizational information security policies for employees:
- Create a retention policy: Determine which documents need to be kept and for how long. Limit the number of personnel who have access to files and storage closets, and make this a company-wide commitment.
- Clearly mark a destruction date: The destruction date should be clearly marked on all records that are in storage. Every file box should carry a complete list of its contents in a visible spot on the outside of the box so the contents are easily identifiable.
- Hire a reliable third-party vendor for your document destruction needs that will provide you with a certificate of destruction upon completion and also provide an opportunity for this material to be recycled once destroyed.
- Out with the old, in with the new. Implement document destruction processes on a regular basis. Overhauling your current disposal process with a commitment to continuously destroying confidential data in a secure manner is one of the ways to mitigate the risks associated with data breaches.