Avoiding Your Secure Destruction Weak Links

Avoiding Your Secure Destruction Weak Links

When a client first hires Shred America, it is usually for a very specific secure destruction requirement. For instance, some hire us to purge a large volume of stored records that have reached their retention limit. Others hire us to destroy the weekly accumulation of information that can’t be casually tossed in the trash. Sometimes, we are hired to do secure shredding for
one department, while another department in the same building does something different (or nothing at all).

The fact is, our experience has shown that when it comes to secure destruction, the approach taken by different departments, buildings, and regions is inconsistent with the security and compliance of other departments, buildings, and regions. They are all doing their own thing. Before getting into why this is a problem, it might help to first consider the wide variety of secure destruction needs that apply to most organizations.

• Secure collection and destruction of documents discarded on a daily basis
• Periodic purges of stored records that have reached their legal
  retention limit.
• Decommissioned desktops, laptops, and handhelds
• Office equipment, including copiers, printers, and routers
• Badges, access keys, uniforms, labels, returned products, off-spec
  products and overruns, and excess inventory
• Outdated marketing materials, often stored by third-party printers or fulfillment centers

In most organizations, addressing these disposition requirements falls to separate internal departments, some of which may not value the security implications of their choices. Additionally, many large organizations operate from multiple locations, sometimes in different geographic regions, where managers aren’t necessarily on the same page. Clearly, given these realities, it is no surprise that most organizations end up with a wide variety of approaches to meeting their secure disposal needs. The fact is, however, though it may be understandable, these inconsistencies in methodologies, service provider selection criteria, and in the way in which both staff and vendors are trained and held accountable for proper secure destruction makes for an unnecessary and unacceptable risk.

Keep in mind, the problem is not only that some areas of the company are putting information at risk. Inconsistent approaches to secure destruction also undermine an organization’s ability to defend themselves in audits and investigations and limit their ability to defend civil and statutory intellectual property rights. The ironic part of this is that the area where appropriate security is in place, make the areas with insufficient security unforgivable. It’s like saying, “we knew the right way to protect the information, but we were negligent about applying it across the board.” 

The solution to this problem is to get everyone reading from the same secure destruction playbook. In fact, standardized internal secure destruction policies and procedures not only minimize risky inconsistencies, they also make everyone’s job that much easier by providing clear direction and removing the type of guesswork and individual biases. Of course, the reality that all data protection regulations require written secure destruction policies and procedures, makes doing so that much more compelling. This is where Shred America can really demonstrate its value. We have the know-how, experience, and practical savvy to work with all internal stakeholders without rocking the boat. And, given our regulatory expertise, we can also make sure the policy we help create navigates the patchwork of disparate new state-level data protection laws.

With all that said, we also know what we don’t know, meaning that we can identify the information only the client can provide and the choices that only the client can make. There is no doubt that some thought and a few discussions will take place among stakeholders, but at the end of the short process, the organization has a consistent secure destruction program,
managers that are no longer shooting from the hip, and is also compliant with its data protection requirements.

Even if you’re not already a Shred America client, we still love to hear from you. At minimum, we can provide guidance on next steps and available resources. 

Why wait!?! Contact Shred America today! We’re clearly the best choice for meeting your secure destruction needs, and that includes quickly and painlessly helping your organization develop its required secure destruction
policies and procedures.  

© 2024 Shred America, LLC – All rights reserved.