|
Why Shred?
What every
company needs to know about Document Destruction
From the National
Association for Information Destruction
-Every Business Has Information That
Requires Destruction.
All businesses have occasion to discard confidential data. Customers lists,
price lists, sales statistics, drafts of bids and correspondence, and even
memos, contain information about business activity which would interest any
competitor. Every business is also entrusted with information that must be kept
private. Employees and customers have the legal right to have this data
protected.
Without the proper safeguards, information ends up in the dumpster where it is
readily, and legally, available to anybody. The trash is considered by business
espionage professionals as the single most available source of competitive and
private information from the average business. Any establishment that discards
private and proprietary data without the benefit of destruction, exposes itself
to the risk of criminal and civil prosecution, as well as the costly loss of
business.
- Incidental Business Records Discarded On A
Daily Basis Should Be Protected.
Without a program to control it, the daily trash of every business contains
information that could be harmful. This information is especially useful to
competitors because it contains the details of current activities. Discarded
daily records include phone messages, memos, misprinted forms, drafts of bids
and drafts of correspondence.
All businesses suffer potential exposure due to the need to discard these
incidental business records. The only means of minimizing this exposure is to
make sure such information is securely collected and destroyed.
- Internal Personnel Should Not be
Responsible To Destroy Certain Information.
Common sense dictates that payroll information and materials that involve labor
relations or legal affairs, should not be entrusted to lower level employees for
destruction. But, beyond that, competition sensitive information is best
protected from them as well. It has been established, time and again, that
employees are the most likely to realize the value of certain information to
competitors. And, lower wage employees often have the economic incentive to
capitalize on their access to it. The only acceptable alternatives are to have
the materials destroyed under the supervision of upper management or by a
carefully selected, high security service.
- Information Protection Is A Vital Issue To
Senior Management.
In a survey conducted by the Conference Board, top executives from 300 companies
ranked the security of company records as one of the top five critical issues
facing business. When asked which issues required immediate attention and policy
development, the security of company records ranked second only to employee
health screening.
- Stored Records
Should Be Destroyed On A Regular Schedule.
The period of time that business records are stored should be determined by a
retention schedule that takes into consideration their useful value to the
business and the governing legal requirements. No record should be kept longer
than this retention period.
By not adhering to a program of routinely destroying stored records, a company
exhibits suspicious disposal practices that could be negatively construed in the
event of litigation or audit. Also, the new >Federal Rule 26< requires that, in
the event of a law suit, each party provide all relevant records to the opposing
counsel within 85 days of the defendants initial response. If either of the
litigants does not fulfill this obligation, it will result in a summary finding
against them. By destroying records according to a set schedule, a company
appropriately limits the amount of materials it must search though to comply
with this law.
From a risk management perspective, the only acceptable method of discarding
stored records is to destroy them by a method that ensures that the information
is obliterated. Documenting the exact date that a record is destroyed is a
prudent and recommended legal precaution.
- Recycling Is Not An
Adequate Alternative For Information Destruction.
To extract the scrap value from office paper, recycling companies use
unscreened, minimum wage workers, to extensively sort the paper under unsecured
conditions. The >acceptable< paper is stored for indefinite periods of time
until there is enough of a particular type to sell. The sorted paper, still
intact, is then baled and sold to the highest bidder, often overseas, where it
may be stored again for weeks or even months until it is finally used to make
new products.
There is no fiduciary responsibility inherent in the recycling scenario. Paper
is given away or sold and, by doing so, a company gives up the right say in how
it is handled. There is, also, no practical means of establishing the exact date
that a record is destroyed. In the event of an audit or litigation, this could
be a legal necessity. And, further, if something of a private nature does
surface, the selection of this unsecured process could be interpreted as
negligent. For all these reasons, the choice of recycling as a means of
information destruction is undesirable from a risk management perspective.
If environmental responsibility is a concern, materials may be recycled after
they are destroyed or a firm can contract a service that will destroy the
materials under secure conditions before recycling them. Any recycling company
that minimizes the need for security has its own interests in mind and should be
avoided.
Information
cited from the National Association for Information Destruction, Inc. (NAID)
website.
www.naidonline.org/facts.html
|
