Whether files are headed for destruction or storage, a secure approach helps to ensure information doesn’t fall into the wrong hands. Businesses large and small are vulnerable to both internal and external document security breaches. Many employees often have access to the personal financial and medical records of employees, but companies opt not to shred sensitive material but rather drop it in the dumpster or recycling bin for collection, putting it in easy reach of thieves. In addition, many organizations do not have protocols in place to securely store and/or secure destruction practices for paper documents, thus making it even easier for thieves to take boxes of sensitive material.
Organizations that store private and proprietary data insecurely or discards it without destroying it is exposed to the risk of criminal and civil prosecution—as well as the loss of business. HIPAA law requires health care organizations to maintain reasonable and appropriate technical and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.” Fines and penalties for HIPAA can be as high as $2,500 per violation. The Sarbanes-Oxley Act stipulates that all publicly traded companies have a formal document management policy in place. Businesses should take an active role in addressing the need for secure disposal by offering access to secure document destruction services.
Properly managed on-site document destruction system provides secure and reliable handling of information by maintaining a short and secure chain of custody. Using a service that visits sites and shreds sensitive paper documents on a regular basis can help keep private information out of the hands of identity thieves. All materials remain on the company’s premises until they are moved to a waiting shredding truck for immediate destruction.
Because off-site destruction typically involves shipping and storage of documents and proprietary data in their original form, the transporting, sorting, and shredding processes will likely involve a number of people. Unfortunately, some of these people may not be bonded, insured, or properly trained in security protocols, which could result in a longer, less secure chain of custody.
Office or facility managers should check whether or not the document destruction company provides the following:
- appropriate bonding levels for all agents;
- secure storage containers on the premises;
- documents are destroyed securely behind locked doors;
- shredded material cannot be reconstructed;
- the ability to shred more than just paper (CDs, DVDs, etc.);
- a certificate of destruction.
Many businesses simply do not have the resources—human or financial—to protect document storage areas as required by law. Storing records off-site has many advantages in addition to complying with government regulations, including
freeing up valuable building space and reducing liability due to theft or damage.
When deciding where to store information, take into account the type of information (financial or health, for example), the need for regular access, and the security of the storage facility.
When selecting a records management company, keep in mind that documents and records must be protected from the time the service provider is entrusted with them to the time they are authorized for destruction. Access to records when they are needed is another important consideration.
Taking a proactive approach to protecting documents in storage and ensuring that any private information is kept secure is an excellent way to companies from identity theft. These actions could save thousands of dollars or more in federal fines and litigation, and have an immeasurable impact on a company’s reputation.