Avoid Data Disasters With a Secure Chain of Custody

What every business needs to know about protecting your sensitive documents.

Chain of Custody

It’s unavoidable: Businesses have to deal with a ton of sensitive documents. 

Whether it’s customer information, employee records, or even trade secrets, it’s the business’ responsibility to keep these records confidential.

However, paperwork is often passed back and forth between departments and sometimes, even between companies. 

And that can make it difficult to ensure that your records haven’t been compromised or tampered with along the way. 

Not to mention the fact that if a document goes missing, it can be nearly impossible to track down.

For this reason, it’s important to maintain a secure chain of custody for your confidential records, recording each and every time a document changes hands, and who was responsible for handling it at that time. 

This guide will help you understand exactly what chain of custody is, why it’s important, and how we use a secure chain of custody to ensure your documents are protected throughout the scanning process.

What is a chain of custody?

A chain of custody is a step-by-step record of when, how, and by whom a particular document has been accessed or transferred. It establishes an audit trail that can be used to track a document’s movements throughout its existence. 

While the term is most commonly associated with criminal and civil law, it is also frequently used to describe the safe handling of documents, most often those that contain sensitive data like PHI and PII. 

Creating a record each time a document passes hands may sound tedious, and it is. 

But when it comes to protecting confidential or one-of-a-kind records, the benefits far outweigh the drawbacks. 

Maintaining a well-documented chain of custody ensures that every possession of a sensitive document is traceable and verifiable. And that can really come in handy in the case of an audit. It also prevents documents from being lost or misplaced, as everything is recorded and accounted for each time it’s used. 

Why is monitoring the chain of custody important?

When a customer provides an organization with sensitive information, they expect it will be protected from accidental disclosure or malicious exploitation.

However, this trust is easily broken in the case of a data breach, which can cause serious damage to your business’ reputation, or worse. 

Maintaining a secure chain of custody provides businesses with the oversight needed to avoid these kinds of data catastrophes. It also ensures that businesses stay compliant with state and federal data protection laws.

Imagine a scenario in which an important document that contains sensitive information is lost or misplaced. Wouldn’t it be great to have a record of the last person who accessed it? At the very least, it may help you track it down. 

How about in the case of a compliance audit. Would knowing your sensitive records were accounted for and protected take a bit of stress out of such an event?

These are just a few of the many reasons why the effort of maintaining a well-documented chain of custody is worth your time. 

What kind of businesses benefit from a secure chain of custody?

There are many industries in which maintaining a secure chain of custody for sensitive documents is not only recommended, it’s required. This includes the banking industry, the medical industry, the legal industry, and more.

Take the banking industry for example. Financial documents often contain personally identifiable information that must be safeguarded to prevent identity theft and fraud. In order for banks to meet industry compliance standards, they must have clear documentation of who has access to records at any given time, what happens when that person leaves the company or there’s an incident involving data leakage.

Similarly in order to comply with the the Health Insurance Portability and Accountability Act, hospitals, medical practices, and practitioners must maintain a secure chain of custody for medical records. Medical records are highly protected, as these documents often contain sensitive or personally identifiable information.

How do you maintain a secure chain of custody?

In order to maintain a secure chain of custody for your sensitive documents, you’ll need to do the following:

Step 1. Create a chain of custody form. In order to be useful in an audit or court case, a chain of custody form should contain the following information:

  • What is the document being tracked?
  • When was it accessed?
  • Who handled the document?
  • Why was the document handled?
  • Where has it traveled, if anywhere, and where was it stored?
  • Signatures of any parties involved

Our tip: Prioritize your most sensitive documents. Those that contain confidential information should have a detailed record of every interaction from the time they are created until the time they are destroyed. 

Step 2. Record every single hand-off in the chain of custody form, no exceptions. Gaps in a chain of custody are like holes in a ship, the more you have the faster you’ll sink. And they are impossible to explain away in a court case or compliance audit. Documenting as many details as possible throughout the process leaves little room for scrutiny.

Step 3. Train your employees on the importance of maintaining a well documented chain of custody. They will be your first line of defense, and will likely take on most if not all of the responsibility. Be sure to provide guidance about how documents are handled, and how those interactions will be recorded. 

Step 4. Destroy your documents as early as you can. It goes without saying that storing sensitive documents longer than you need adds unnecessary risks. The longer documents are lying around, the greater the chance they have of being lost or stolen. Be sure to document the process as the final entry in the chain of custody. 

What happens when the chain of custody is broken?

There are many reasons why a chain of custody failure can occur, and more often than not, it’s caused by human error. An employee may access or move a document and forget to make a record.

Unfortunately, even an innocuous scenario can lead to the loss, theft, or disclosure of sensitive data, which can be damaging for your business. 

When the chain of custody is broken, it makes it difficult to prove that the data in your documents has been properly handled. This can cause a business to fail to meet compliance requirements or worse, the loss of a confidential document.

How does SecureScan help you maintain a secure chain of custody?

At SecureScan, maintaining a secure chain of custody for your documents is our top priority. Both our document scanning service and paper shredding processes are designed to help you maintain a secure chain of custody for your records. 

Here’s how our scanning process helps you maintain a secure chain of custody:

  • SecureScan employees will arrive at your location at a predetermined time to package your documents and load them into one of our company vehicles.
  • A detailed record of the boxes and their contents, as well as other relevant details about the transfer of custody is made. 
  • Our licensed, bonded and insured team members will transport your documents directly to our secure scanning facility in company owned and operated vehicles.
  • Once your documents arrive, we compare the delivery against the initial inventory and record the successful transfer. 
  • Your documents are then moved into our secured vault and placed under 24/7 surveillance; only to be removed when they are in process. Every area in our facility is secured by electronic badge access, ensuring only authorized personnel have access to your records. 
  • When the scanning process begins, management staff with the proper clearance will retrieve your documents to be scanned as needed. Documents are checked back in and returned to storage once they have been scanned.
  • Your completed project materials are provided to you on an encrypted thumbnail drive, uploaded to an SFTP, or added into your existing document management system for your review. 
  • If you have asked for us to return your documents after scanning, we will repackage them back into their original boxes and take an additional inventory to ensure everything is accounted for. We will again pack your documents onto one of our vehicles to return them to your location. All relevant details of the transfer will be added to the record to ensure a  secure chain of custody is maintained. Another inventory will take place, to make the final record of custody back to your possession. 
  • If you no longer wish to keep your paper documents, we can securely shred your paper documents and provide you with a certificate of destruction for your records.

Here’s how our shredding process helps you maintain a secure chain of custody:

  • SecureScan employees will arrive at your location at a predetermined time to deliver secure, locking storage bins to store your documents between shreds. Depending on your volume and need, we can place several of these throughout your business or in various departments as necessary. 
  • Documents that need to be securely disposed are deposited into secure bins throughout the workday. Any document placed in a bin will be inaccessible to employees, as these bins can only be opened by SecureScan employees. 
  • When the bins are ready for pickup, SecureScan staff will return to your office with an industrial shredding truck. 
  • Your bins are hauled directly to the truck in the secure container by a SecureScan employee. Once they reach the truck, the bin is unlocked, and the documents are immediately fed into the industrial shredder. 
  • Once the shredding is complete, the remaining paper material is sent to a local recycling facility, where the ink will be washed, and the paper will be pulped and recycled.
  • You will receive a certificate of destruction as proof that your documents were destroyed securely in accordance with data privacy requirements, which will serve as the final entry in the chain of custody. 

Read More

Starting January 1st 2023, any digitized document submitted to the National Archives or the Library of Congress must achieve a minimum 3 star FADGI rating. But what does that even mean?! With this deadline quickly approaching, there has never been a better time to learn about FADGI, NARA’s new requirements, and the implications they may

Read Article

Business owners often find that as their company grows, the number of invoices that need to be managed increases exponentially.   Without hiring additional employees, it can be difficult to keep up with the demand, leading to missed payments, duplicated invoices, and data entry errors.  These small errors can lead to big problems, including damaging vendor

Read Article

With data breaches and identity theft on the rise, businesses and their customers are faced with near constant reminders about the consequences of poor data management. To counter this growing epidemic, many businesses invest heavily in security and infrastructure for their stored documents to ensure their data is protected throughout its lifecycle. However, the protocols

Read Article