How should you store your confidential data before shredding
Storing your confidential waste isn’t just about making your workplace appear well-ordered and tidy. It’s more important than that – it’s about protecting your business from data breaches and information leaks that could lead to identity theft and business fraud.
An old customer database could form a calling list for one of your competitors, or a discarded company uniform may help an unauthorised intruder gain access to your premises. With thieves now becoming increasingly technologically sophisticated storing all types of confidential waste is now a vital business requirement.
In this article we explore some of the methods your business should adopt to maintain data security before your confidential waste is processed and shredded.
1. Use secure containers
Under the Data Protection Act you are required to store your confidential data in locked containers or bins. These can often be supplied by your shredding company who may be willing to provide you with secure containers free of charge as part of their service. These will often feature one way access systems, allowing waste to be deposited, but not accessed.
2. Store containers in access controlled areas
Imagine how much value could be contained in a bin full of customer records that includes bank details? Criminals are very much aware of the money making potential of discarded data. For this reason your secure containers should be kept in an access controlled area. Deploy cameras and automatic sensors as a deterrent and use keypads or swipe cards to create a record of internal personnel accessing the area.
3. Enforce a clear desk policy
It’s all too easy for your staff to note down customer and client details when they’re taking calls or processing complaints. Those notepads used as a ledger for such information are actually in danger of breaching the data protection act. Make sure you’re checking that staff members do not leave with any scraps of paper and that all notepads and written materials are cleared from desks at the end of the working day. In our experience it is best to have a completely clear desk policy, requiring staff to leave no scraps of paper on their desks at the end of the day, helping remove any chances of confusion.
4. Staff awareness
One of the key areas where most business fail at data protection is letting staff know what’s required of them. Sharing passwords, discussing customers over a tea break and taking work home on USB sticks are all practices that are common in many businesses that contravene legislation. In the majority of cases however staff are often unaware of their indiscretions. Ensure your staff understand their responsibilities with a full training schedule that utilises testing to verify its effectiveness.
5. Destruction policy
How do you get rid of your confidential data? In the past larger businesses would use document shredders on site, although this is still the norm in smaller operations. Outsource shredding companies will either bring their mobile shredding vehicles on-site or transport your confidential waste securely to their depot for shredding, not only assuring the required level of destruction, but also depositing the waste products of the process with recycling agencies.
6. Constant checking
The legislation controlling shredding and data disposal is constantly changing and being updated by the ICO. It is vital that businesses take responsibility for staying on top of these changing laws and implement the proposed measures accordingly. For this reason it is good for businesses to have a specific person or in larger organisations, a department, who is tasked with regularly reviewing company policy.
By implementing these procedures it is possible to keep your confidential materials truly confidential throughout the entire confidential waste disposal and shredding process.