Helping Business Owners Improve Their Document Retention and Destruction Process

By Joe Caradonna, owner of PROSHRED Arizona

Information protection is always a top priority for any business owner. Protecting the essential and sensitive information of your clients and your company is important, and many business owners are taking security concerns seriously when it comes to digital and cybersecurity threats. However, as business owners store more documents digitally, they may forget about comprehensive security measures for physical documents. Physical document storage is not going away despite our digital age, and unsavory people could have access to your employees’ or customers’ private information. This threat means your company must create a process to store and secure physical documents. We may live in the digital age, but physical document security remains an essential part of any business security plan. Here are a few tips to help business owners improve their physical document security.

Know record retention laws and requirements

If you are storing digital or physical documents for yourself and your clients, you should know the record retention requirements for those documents.

Jerry Dilk, the Director of Business Development for secure document record storage company Data Storage Centers, said it is important that businesses know State and Federal record retention laws.

“Business owners must know how long they are supposed to hold records and when they are supposed to dispose of them,” Dilk said. “For example, it is a general rule of thumb that you keep three years of tax records in case your company is audited.”

Other information, such as HIPPA documents, is required to be retained for six years at minimum, Dilk said.

You should know the regulations for document retention because it will help you create a better-organized company that disposes of unnecessary documents and can quickly pull up important ones.

Don’t dispose of sensitive materials yourself

Just because you put a sensitive document in a basic paper shredder or throw a hard drive in the trash does not mean the information has been properly disposed of. Sensitive information can still be exposed in shredded documents or a disposed hard drive. Even smashing your hard drive with a hammer before you throw it away does not mean your information is safe.

When it comes time to dispose of your and your client’s sensitive information, hire a professional. Secure document destruction is an art and requires an understanding that even the smallest piece of exposed data can leave you at risk. The document destruction company you hire should have state-of-the-art shredding trucks as well as a proper hard drive shredder. Hard drives that go through a shredder completely destroy them, so the only thing that can be salvaged are tiny precious metals for recycling. The shredder should be able to destroy both hard drives and SSDs.

Most importantly, whatever company you hire should be licensed by the National Association for Information Destruction. NAID AAA certification is a must to ensure the team you hired has the training to securely dispose of any important information.

NAID-certified companies are required to go through independent audits of their data destruction policy to ensure they are disposing of sensitive materials properly.

If a secure document shredding company can’t be bothered to get properly certified, then they are not the company you should trust with you and your client’s information.

Track access to sensitive information

Properly retaining documents is not just putting them in a filing cabinet and forgetting about them. All important documents should be stored in a secure room, according to Dilk.

“Important information should be stored in a climate-controlled room that most people do not have access to,” Dilk said. “You should have systems in place that monitor what documents are in the room, when they were stored when they were removed, and who entered the room.”

Dilk went on to say that creating a controlled access plan establishes a clear chain of command in your security plan and establishes a history of access that you can monitor if important documents are missing or stolen.

Physical document storage is not as common today; however, many people and businesses today still use and store physical documents with sensitive information. As long as these physical documents exist, you should take their security seriously. Implement a security strategy that tracks what documents you have and who accesses them, and you will successfully protect your company and your client’s sensitive documents.

Joe Caradonna is the owner of PROSHRED Arizona. PROSHRED Arizona is a secure document shredding service. They help businesses safeguard their private information.




Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.