Businesses, especially small to medium-sized businesses, need to incorporate a formal document retention and destruction policy. Next, communicate your policy to employees so they understand their responsibility in safeguarding customer information, and to customers so that they have confidence in conducting business with you.
High-profile data breach events are just one part of the identity-theft epidemic in the United States. Your past business relationships where your personal information resides is another high-risk factor. Think about all of the personal information we have left with our past employers including name, address, Social Security number, driver’s license and even bank account information (for direct deposit).
And it’s not only past employers, but also their vendors, such as health insurance, dental insurance and supplemental insurance companies, along with payroll service and others where your personal information and even the personal information of your family have been used.
But there is more. Think of any past relationship, including every doctor, dentist, tax-preparation service, auto dealer, bank, school, mortgage broker, student loan servicer and any organization to which we have submitted personal information. Ask yourself, where is your sensitive information being stored today, how is it being secured, and what are the document retention and destruction policies of these organizations?
A great resource for business owners is ARMA International, a non-profit professional association and authority on managing records and information. ARMA developed and published principles to foster general awareness of information governance standards.
You can learn more about ARMA’s “Generally Accepted Recordkeeping Principles,” which detail how to properly retain information as organizations are creating and storing more information than ever before, mostly in electronic form.
In addition to document retention, the shredding of documents containing sensitive employee and customer information has become a high priority because of identity theft, data breaches and stolen trade secrets and client information.
Here are some basic shredding tips that your business should include in its information security and governance best practices:
- Choose a documents destrction services company that knows state and federal laws governing storage and destruction of documents. Important things to know include understanding the difference between hard copy document and electronic document requirements.
- Choose the right shredder: A cross-cut shredder (versus a standard shredder that simply shreds documents into long horizontal strips, some so wide that you can still make out individual words) cuts the paper from two directions and makes it much harder for someone to reconstruct the document.
- Document destruction compliance is the law: The state and federal regulatory environment regarding information security and governance, including document destruction will be enforced with fines and penalties that could negatively impact your business.
-Written by Mark Pribish, vice president and ID-theft practice leader at Merchants Information Solutions Inc., an ID theft-background screening company based in Phoenix. Contact him at firstname.lastname@example.org.
This article was published in the January 28, 2016, issue of the Arizona Republic. To access the article in its entirety, click here.