|Page (1) of 1 - 01/10/12||email article||print page|
What's in Your Bin? How to Stop Document Disposal Becoming the New Frontline for Data BreachesIron Mountain Offers Advice to UK Businesses (January 10, 2012)
LONDON, UNITED KINGDOM -- (Marketwire) -- 01/10/12 -- Disposal is not the same as destruction, warns information management company Iron Mountain, as a recent UK study(i) reveals that up to 40 per cent of London's commercial bins contain confidential business documents. The study investigated bins located near a number of law firms, banks, hospitals and government agencies, discovering a concerning number of paper documents such as email print outs, letters and reports, many of which contained sensitive personal information.
Every organisation develops processes to manage its information from the moment a new document is created, through periods of high activity (when many may need to access the document on multiple occasions) until its final destruction or long-term archiving. It is at the very end of this lifecycle that organisations appear to make mistakes. "Document destruction is probably the most over-looked aspect of information management," says Phil Greenwood, UK Sector Director at Iron Mountain. "A company's attention can often focus on the protection of documents as they are created or processed by the company; and those responsible for implementing policy - most typically the IT department - are often more comfortable dealing with digital data than with paper documents and archives. However, the secure and legally compliant destruction of sensitive paper documents is hugely important."
The consequences of failing to destroy confidential information securely can be serious, including the loss of competitive or customer information and exposing the business to the possibility of a punitive fine and severe reputational damage.
Iron Mountain's Phil Greenwood offers the following guidance for businesses that seek to protect their information at the end of its life cycle:
- Understand the legal framework - and ensure your employees do too. Important documents have pre-defined retention periods. Bank statements, for example, must be retained for six years. It can be just as damaging to destroy a document your business needs for regulatory purposes or legal disclosure as it would be to fail to destroy a document that you are no longer required to retain. Employees might be unaware that they may need to provide documented evidence of disposal.
- Start shredding. An in-house shredding solution can look like an obvious solution, but what might appear at first sight to be a money-saving approach may well come at a cost. Machines can be time-consuming or resource-intensive to operate and maintain, and employees using the machines may not be aware of all the legal implications.
- Consider bringing in a third party. A trusted partner with the relevant expertise will understand the compliance issues for your business and be able to provide the evidence of secure document destruction increasingly required by external authorities. The best firms will help you to design, develop and implement a secure shredding programme from collection to destruction and even recycling. Moreover, an expert in secure destruction will be able to destroy digital media such as CDs and DVDs securely.
- Ensure that policy and processes are followed consistently. There is often a gap between what those responsible for creating policy think has been put in place and the reality of the workplace. What might be a well-understood and observed policy in the financial department at head office may look completely different, for example, in the marketing department of a local branch.
- Last, but definitely not least: make sure that policies and procedures are understood and supported by every employee. Without this, the best plans in the world are exposed to failure. Should the worst happen, you can be sure the regulator will want to see proof of the steps taken to minimise and prevent risk.
"It's all about accountability and responsibility," explains Greenwood. "Staff should know how to handle all documents with a consistent 'chain-of-custody' that results in a tightly controlled, accepted process that covers the lifecycle of paper documents as they pass through the organisation."
(i)Study commissioned and published by the National Association for Information Destruction (NAID), November 2011.
About Iron Mountain:
Iron Mountain Incorporated (NYSE:IRM) provides information management services that help organisations lower the costs, risks and inefficiencies of managing their physical and digital data. The Company's solutions enable customers to protect and better use their information - regardless of its format, location or lifecycle stage - so they can optimise their business and ensure proper recovery, compliance and discovery. Founded in 1951, Iron Mountain manages billions of information assets, including business records, electronic files, medical data and more for organisations around the world. Visit www.ironmountain.co.uk for more information.
Copyright @ Marketwire
Related Keywords: Iron Mountain , Marketwire, , Financial, Management Services, Environmental Technology, Green Technology, Business, Email, england,