Mark Harper, pictured, of document and electronic media shredder company HSM UK writes of how and why businesses need to introduce and maintain the correct processes when disposing of paper waste, to ensure they don’t get into hot water.
In a busy, working environment it’s easy for sensitive data to land in the wrong hands. Now, with GDPR shaping the way we deal with confidential information; data compliance and security should be the main focus for all businesses handling sensitive data. Reports indicate that 77 per cent of companies shred less than 50pc of all documents containing sensitive or confidential information. Pair that with ICO findings that reveal 40pc of UK data security incidents are attributed to paper and there’s an alarming realisation that there’s a large number of potential threats to those handling sensitive data.
Despite the many predictions of a paperless office, statistics have previously shown that more than 80% of an organisation’s processes are managed on paper. With the average office worker in the UK using up to 45 pieces of paper each day, and with two-thirds of this ending up as waste, it isn’t hard to believe that a huge percentage of data incidents are due to the insecure disposal and handling of paper documents.
Therefore, although we’re making progress on the digital front, organisations can’t afford to forget about their physical paper waste. Those who don’t securely dispose of and store critical documents in the correct manner ultimately put themselves at risk of falling victim to data misuse.
Unlike online documents, which can be secured by encryptions for example, paper is vulnerable to a series of threats as it’s more prone to be accessed or tampered with. Possible threats to the physical data destruction process can include accidental loss, emergency abandonment, espionage or theft. These data breaches can be detrimental for any business as they may result in hefty fines, PR nightmares and a loss of stakeholder trust. As we’ve seen from several high-profile cases, data breaches can also seriously damage a company’s reputation, no matter its size. The Hilton and Starwood Hotels espionage scandal for example, severely harmed the reputation of both chains – Hilton hotel’s brand image after it was accused of stealing over 10,000 documents and Starwood Hotels for having unsecure confidential paper documents.
Incidents where patient records have been lost or stolen and top secret military files found in a bin further accentuate how easy it is for documents to be misplaced or land in unsafe hands. Both cases caused national outcries, with the National Health Service (NHS) and military officials at Porton Down suffering investigations and fines due to their handling of important paper documents. These examples shouldn’t alarm organisations, rather they should act as a reminder as to why destroying dispensable physical documents at their source is crucial to remaining GDPR compliant.
It’s essential for any organisation to have the correct processes in place to ensure that staff remain GDPR compliment when disposing of private documents. The first step in this is to implement a confidential waste policy and invest in an in-house shredder. Making disposal part of the everyday routine will ultimately give you the peace of mind that your paper waste is being immediately destroyed – removing the opportunity for any misplacements.
Educating employees on the different security levels they’re required to cut at when using an in-house shredder is critical when disposing of paper waste. For example, Finance and HR departments holding documents containing highly sensitive information, should consider micro-cutting to a level of at least P-5. Whilst a cross cut shredder at the P-4 security level, which allows for quick and easy shredding would be the most suitable for the general office environment. One of the simplest ways to remove the risk of data breaches is to enforce a clean desk policy. This ensures that private documents aren’t lost or stolen as they remain out of sight from third-party visitors. By employing a clean desk policy and preventing important documents piling up on desks and in cabinets, offices can reduce the chances of misplaced or misused paper documents.
Don’t leave compliance to chance
To remain GDPR compliant, organisations shouldn’t leave the destruction of paper-based data as an afterthought. To combat the misplacement or misuse of paper waste, it’s fundamental for all businesses, no matter their size, to invest in the required in-house shredder solutions that will render paper documents secure at the time of shredding – not leaving it to chance. Understanding the consequences of a data breach is important. However, it’s key for organisations to protect all document types, including highly destructive paper waste. Only then will business owners avoid the hot water we’ve seen so many already succumb to.
