Consistency is Critical to Compliant Secure Shredding
Virtually every expensive and embarrassing data disposal incident can be traced back to inconsistent data destruction policies. Luckily, there are easy solutions.
Inconsistency #1: Permitting frontline employees to decide what should be destroyed.
Every piece of paper, including letters, memos, reports, correspondence, proposals, etc., could contain highly sensitive information. If an employee has a choice between discarding these items in their deskside wastebasket or placing them in a secure collection container, eventually, and probably more often than expected, the employee chooses wrong.
It is not only the employee’s judgment that comes into question, but the situation. Are they tired? Are they apathetic or disgruntled? Are they just too busy? Relying on every employee to consistently make the right choice virtually ensures non-compliance.
Solution: Take away the choice by implementing a single system for the destruction of all discarded media.
Inconsistency #2: Inconsistent treatment of various media and devices.
Sensitive information is stored on a wide variety of media, including paper, magnetic tapes, USB flash drives, memory cards, smartphones, laptops, desktop computers, and servers. Copy machines and printers have hard drives, and routers and connectors provide electronic information that lets bad guys into secure networks.
Because disposal of these items is managed by different functional departments, there can be widely differing attitudes on secure disposal. Some categories are totally ignored.
Solution: Have a single data disposition policy that applies to all media and all devices, then centralize policy oversight to one department.
Inconsistency #3: Different disposal procedures for remote workers and satellite offices.
While an organization's main office and operations centers may have well-established secure data destruction procedures, too frequently remote branches and those working from home are doing something less…or nothing at all.
Solution: Give satellite offices and remote employees clear, step-by-step instructions for secure destruction by a specific vendor who can provide them with the necessary chain of custody documentation.
Inconsistency Undermines Good Efforts in Another Way Too.
Giving employees the option to casually discard confidential information contradicts an organization’s claims (and customer expectations) that confidentiality is given a high priority. At the same time, selectively destroying media and devices dramatically increases the negligence of disposing of them less securely somewhere else. In both cases, the inferior practices not only negate the good practices, but increase the overall liability.
Consistency across all types of media and all locations is the only safe and secure option.