One of the most critical responsibilities that a business has is protecting the sensitive data in its possession.
Whether it’s proprietary business processes, internal communications, employee records, or information collected from your customers, your data is under a constant threat of theft or potential exploitation.
And the consequences of such an unfortunate event should not to be taken lightly.
Even a single incident of data theft can be a catastrophic event for your business. A report from Hiscox, an insurance carrier who provides coverage against these kinds of incidents revealed that the average cost of a data breach is $200,000.
But the damage done to the business isn’t just financial. It also has a huge effect on your reputation, customer confidence, and trust. In fact, 60% of businesses who suffer a data breach go out of business within 6 months.
For this reason, many businesses go to great lengths implementing strict data management processes to reduce the possibility of such a breach.
Unfortunately, these organizations often make huge investments in security infrastructure, technology, and IT staff to protect their data, while overlooking the final and often most important step in any data management program; document destruction.
This is why it is best practices to have an organization-wide paper shredding policy in place, ensuring that the sensitive data in your business’ possession remains confidential, even after it leaves your hands.
Our guide below explains the benefits of putting a shredding policy in place, and how it can help you protect your sensitive data.
Up First: What is a shredding policy?
A shredding policy is a set of standards used to determine which documents employees must shred when they are no longer needed, and which documents can simply be thrown away.
Shredding policies make life easier for your employees by removing any doubts about how sensitive documents should be disposed of.
This allows them to focus on fulfilling their day to day job duties, without the added responsibility of making data security decisions.
After all, not every employee will share the same opinions about which documents need to be shredded and which do not, opening the door for some wildly inconsistent shredding practices.
However, not all shredding policies are created equal. Overly complicated rules can make a policy difficult to follow, leading to confusion, decreased productivity, and quite possibly, mistakes.
Creating a simple, easy-to-understand policy ensures that the rules are straightforward and well understood by your employees.
There are two common approaches you can take when setting up your shredding policy : selective shredding or a “shred-all policy”.
Let’s take a look at what each of those policies look like and advantages and disadvantages of each. Then we’ll explain why a shred all policy is typically a better choice when it comes to simplicity, cost, and security.
What is selective shredding?
With a selective shredding policy, documents are categorized based on the information they contain, and designated for shredding when certain conditions are met.
The easiest way to accomplish this is to simply identify specific documents and forms by name. This can be especially practical for businesses who are working with only a few different types of documents. For example, a customer intake form may always contain sensitive personal information, and so should it be shredded.
Another approach is to broadly designate any document that contains PII or PHI as a must-shred document. In cases where a variety of unexpected documents may be encountered throughout the day, it is important to provide training /guidance to employees about how to properly identify and handle sensitive information.
This method obviously comes with some additional risk, as you will be relying heavily on your employee’s training and discretion. However, there are plenty of circumstances where this may be the only viable option.
The advantages of selective shredding:
- A selective shredding policy creates a single set of rules that all employees must follow, ensuring consistency in the way sensitive information is handled.
- It is cost effective, as it reduces the total amount of documents you need to shred.
- Depending on your need and volume, you may be able to shred documents on demand.
The disadvantages of selective shredding:
- Employees must be trained on policy specifics, and monitored to ensure they are followed. This additional oversight often results in wasted time and increased labor costs.
- Complicated policies increase the chances of human error. Even the best employees can make a mistake, which could inadvertently expose sensitive information.
- Selective shredding is an inconvenience for your employees, making best practices difficult to integrate into their regular workday routines.
What is a shred-all policy?
A shred all policy instructs your employees to shred every document, regardless of whether it contains potentially sensitive information or not. This straightforward approach has many advantages over the typical selective shredding policy due to its simplicity.
The advantages of a shred-all policy:
- No more guesswork for you or your employees. Shredding everything quickly becomes second nature as a part of their work. No considerations need to be made determining whether or not a document is sensitive enough to required shredding, which leads to increased productivity and fewer responsibilities.
- Shred all policies require no training whatsoever. Shred everything!
- Decrease the chances of an employee accidentally forgetting to shred a particular sensitive document or misunderstanding the guidance.
- Shred-all policies help you comply with state and federal document destruction laws like the FACTA Disposal Rule, without any additional effort, as these practices become baked into your daily operations.
The disadvantage of a shred-all policy:
- Potentially increased shredding related costs, as a higher volume of paper shredding will be required.
If you have any concerns about data privacy, a shred-all policy is your best bet. It offers increased security, reduced labor and management, and streamlines your workflow.
How do you create a shredding policy?
Implementing a company-wide shredding strategy is the simplest way to harden your defenses against potentially catastrophic data breaches. It provides necessary guidance for employees to enable them to make better, safer choices with regards to confidential information.
The first step of creating a shredding policy is closely examine the way sensitive data currently flows throughout your organization.
Gaining a better understanding of who handles this kind of information, and the practices currently in place can help you identify any potential problem areas that will require special consideration.
It can also help paint a clearer picture of who has unnecessary access to sensitive data, ensuring only those who need it to fulfill their job duties are able to view it.
Next, you’ll need to create a records retention policy if you don’t have one already. A retention policy is basically an outline of how a company and its employees will manage company documents and records from creation to destruction.
Many industries have data retention requirements that dictate how long certain documents need to be kept before they can be destroyed. State and federal data privacy laws usually include their own retention requirements as well, so be sure that your retention policy meets these standards.
The last step is to figure out how you will dispose of your data when it is no longer needed, and who will be held accountable for that process. Will you purchase equipment and provide the training to handle the process in house? Will your employees be ultimately responsible for the safety of your data? Or will you simplify the document destruction process by hiring a professional shredding company like SecureScan?
SecureScan provides ultra-secure locking shredding bins that can be placed in convenient, high traffic locations throughout your office, where employees can simply deposit their sensitive documents and walk away. No more confusing rules, no more wasted time shredding documents, no more mistakes. Nothing could be easier.
At an interval of your choosing, we will return with our NAID AAA® certified document destruction team to collect your bins and discreetly shred their contents directly outside your office, where you are able to watch the process if you so choose.
Last, we return the bins where we found them to be filled again by your employees, without disturbance. We also provide you with a certificate of destruction after every visit, which serves as documented proof and our guarantee that your data was destroyed in accordance with data privacy best practices.
For businesses who also have an accumulation of old documents that need to be destroyed, we also offer a one time shredding purge, where we will come to destroy a large volume of documents all in one go, helping you get you caught up and ready for a fresh start.
A shredding policy is a critical component of any document management plan. Just remember, it is important that you effectively communicate your shredding policy to your employees, providing training and guidance where necessary. After all, it is your staff who will likely be your last line of defense in protecting your data.
Let us help you improve data security while reducing your employee’s workload. Contact us for an obligation free price quote and schedule your first appointment.