HOW TO ADHERE TO NEW DOCUMENT SECURITY LAWS

By SBGGuy on January 20, 2011 In Business





There are numerous legal requirements regarding document security. Legislation is divided into two categories; Federal Legislation and State/Provincial Legislation. Each state has its own set of legislation that are to be followed by businesses functioning within that state. Following the country or state’s legislation might not be the most feasible idea for a business owner , especially with the amount of time consumed in understanding the legislation and the resources required to implement it . That is why many small business owners have decided it makes more sense to be contracting with companies that offer a total document security management system. A company like this is well equipped to keep your company protected . Even then, there are certain regulations that need to be followed by business owners.

“All businesses deal with confidential information. These can include CDs and other electronic media that is outdated, hard drives from expired computers, and hard drives from expired computers, as well as customer lists, price lists, sales statistics, and drafts of bids and correspondence. Then there is private employee documents like salary schedules, employment applications, employee files, letterhead, and even bills, that contain confidential information that must be kept private. The simplest of documents in the hands of criminals can cause momentous problems, and even potential law suits . Federal and state regulations mandate that employees and customers have a legal right to have their data protected,” says Kelley Johannsen, MBA, General Manager, Shred-it Arizona. “Without the proper safeguards and procedures in place, information ends up in the trash where it is effortlessly , and legally available to anybody. The trash is judged null ID thieves as the single most accessible source of valuable inside information from the typical business. Any institution that improperly discards business documents and papers exposes itself to the risk of legal problems , as well as the costly loss of business.”

I would summarize the key habits and practices your business should implement as follows.

1. Shred it all on a regular basis null avoid the risks of human error or poor judgment about what needs to be shredded. Don’t all an accumulation of documents and files that is stored in different parts of your office , creating a security risk.

2. Don’t take unshredded documents to a recycler company. You don’t want to be concerned about what is happening where you can’t see it.

null You will make sure that their are no security gaps in the process if you use a professional service. Outsourcing also saves the time and resources of your employees.

When implemented in a strategic and integrated way , these principles will dramatically increase the security of your documents, your business and your customers. But let’s look at them one at a time.

Shred Regularly

A “shred-all” policy is one of the most critical steps you can take towards total information security. It means a department or companywide commitment to shredding all documents on a regular basis. Standardizing document destruction procedures will allow your organization to align its rules and regulations with its information security goals and needs.

A shred-all policy is a way to make sure there are no leaks – intentional or unintentional – of your organization’s sensitive information to outside sources. This may potentially include criminal groups that feed on this sensitive information to commit fraud and identity theft crimes. In turn, regular disposal of paper waste means it does not accumulate in a chaotic manner, reducing the potential for security breaches resulting from negligence or malicious intent. Regular information security audits will help you identify areas of vulnerability and potential risks. Some security audit best practices include:

1. Conducting audits on a regular basis.

2. Updating your document destruction policies accordingly based on your audit findings.

3. Ensuring your employees are in compliance with your audit policies, as well as identity theft and privacy legislation.

4. Training your staff in safe document destruction procedures. Communicate clealy to them that you are committed to security and how important it is to protect confidential imformation. Its important to your company and to your customers.

While it is important to get your employees on board, here is a word of warning. While most security threats may be perceived to be outside of your organization, don’t overlook the potential for internal threats. Your staff may actually be one of them. The US-based Healthcare Information and Management Systems Society, says that up to 23 per cent of all breaches that they have noted as requiring notification since 2000 were from an employee’s direct actions. Your staff may lose, steal or mishandle important information. That’s why limiting the number of people who have access to confidential data and enforcing security guidelines on all levels of an organization is so important.

Don’t recycle unshredded materials

You are correct to be serious about tossing paper into the recyling box instead of the trash can. However, are you recycling in a security-conscious manner? You may not have thought of it, but your documents are unguarded and unprotected while they sit and way at the recycler’s facility to be processed. This is a serious security vulnerabilty to you if you have any confidential or sensitive information in that pile of papers. For example, unguarded paper in recycling containers can be misplaced or stolen. Or, it can simply fall out of the recycling truck and onto the street.

There is a way to meet both needs – serving the environment and practicing responsible business by recycling documents while also keeping your customers’ confidential information confidential. You can achieve both goals by outsourcing document destruction to a reliable document destruction service provider with high security standards and a strong environmental record.

You might find it interesting to know that, working with Shred-it, organizations save one tree through recycling every time they fill up two Shred-it security containers with paper. Shred-it even offers customers an annual Environmental Certificate, which states how many trees they have saved. What’s more, by using recyclable, biodegradable, hydraulic fuels for its vehicles, Shred-it proves its commitment to continuing to improve its environmental practices.

Shred with a reliable supplier

By implementing all these measures, you’ll come a long way toward the ultimate goal – total security of your business and customer information. However, one question remains – should you hire a third party provider or try pursuing these measures on your own?

Here are a few pointers to help you ponder this question:

1. When you outsource document destruction, you free up your staff to concentrate on what matters the most – your business and the bottom line. This means productivity savings of up to 15 – 20 per cent, according to Shred-it’s analysis of the number of employees generating and shredding paper, the time it takes them and their hourly wage.

2. This estimate does not reflect the potential costs of litigation, expensive fines, reputation damage, loss of trust and negative media coverage potentially caused by security breaches, resulting from in secure document destruction practices. According to Forrester Research Inc., companies that experienced security breaches in the U.S. in 2006 lost between $1 million and $22 million. In Canada, identity theft may cost businesses and consumers approximately $2.5 billion, according to the Canadian Council of Better Business Bureaus. And in the U.K., businesses can suffer between $30,000 to $250,000 from security related reputation damage alone. Professional document destruction by a reliable third-party provider will help make sure such breaches do not happen.

3. Most organizations do not have the expertise to ensure total security of the document destruction process, nor do they have the equipment necessary for storing and shredding sensitive documents, such as locked security consoles and powerful shredding machines. Finally, they do not have the human resources needed to support the tight chain of custody around the document destruction process.

Arizona Mobile Shredding services by Shred-it Arizona provide award winning, industry leading secure shredding services for personal and business clients in Arizona. Drop off shredding locations are also conveniently available in many places. Visit us at www.ShreddingArizona.com online for a drop off location near you in Arizona.