Confidential Information Destruction: What Should We Shred?
Even though many companies here in the UK and further afield are doing their absolute best to go paperless, running a business does mean that there will always be a certain amount of paper-based information distributed daily around the office.
Essentially, this doesn’t pose a risk, but you will need to make sure that you prioritise confidential information destruction and know which documents should be destroyed to avoid falling foul of the law – especially now that changes to data protection legislation are about to be rolled out.
No matter what kind of business you run, you’re sure to have to handle documents containing sensitive information at some point and it’s essential that you know what to do with this information when the need arises. We all have an obligation to protect personal information and confidential data from being compromised and exposed, so this should always be a top priority for all of us.
So, what documents should we be shredding? Anything with personal information on it, like credit card and bank account numbers, home addresses and telephone numbers and other private data, should always be destroyed.
Customer lists and contracts, strategies and pricing should also be shredded as soon as possible. Corporate records, vendor information, payroll data, medical records, treatment programmes, performance assessments, health and safety issues, training information, budgets, legal contracts… all of this must be destroyed.
And it shouldn’t just stop at your office environment. You would be wise as an individual to exercise the same level of diligence at home with your own personal information as you would at work – so make sure that you destroy any cancelled cheques, expired credit and debit cards, receipts, credit card statements to help protect yourself against identity theft in the future.
Under the new General Data Protection Regulation (GDPR) rules, remember that clients and anyone you work with will have the right to be forgotten and as such you shouldn’t be keeping any personal information for any longer than is necessary.
This must all be deleted, removed or destroyed at the owner of the information’s request… so do make sure that you have the appropriate procedures and policies in place to ensure you only collect and keep the confidential data that is required for compliance.
You might think that it makes sense to keep your shredding in-house, but this can still put you at risk of contravening the GDPR processes, so it makes sense to hire a professional document destruction company. Shredders in offices often just strip paperwork, which can easily be reassembled if someone is determined enough.
You may also have to prove your documents have been securely shredded and all too often doing this in-house means that you won’t have any records to show. Outsourcing your shredding to Avena will provide you with a Certificate of Destruction to provide transparency & auditability to ultimately provide you with peace of mind.