How to Tell if Your Document Disposal Policy Needs Work

Policies and procedures

Every workplace needs policies in place, and time and attention must be devoted to keeping them current. Your document disposal policy is no exception, and since it exists to prevent unauthorized disclosure of information through timely and secure destruction of that information, it is vital that it receives regular attention.

What Is a Document Disposal Policy For?

A document disposal policy directs all of your employees to securely dispose of documents when they are no longer needed, ensuring that no confidential data or personal information lands in the wrong hands. Review your policy and ask these questions:
  • Are staff aware that a policy exists?
  • Are there clear directions of how personal information must be handled from the moment it is created to the time it is disposed of, known as “cradle to grave”?
  • Are there procedures for protecting stored personal information, whether it is on-site or off-site, including any third party that handles the information your organization has generated?
  • Is there a standard procedure for destroying no-longer-needed paper documents?

What If We Don’t Maintain Our Policy?

The most serious potential consequence of improper document destruction is that you could lose your business. If you think that’s unlikely, consider the National Cyber Security Alliance’s finding that 60% of all small business that experience an information breach close within six months.

Businesses without a clear, current document disposal policy—that all employees adhere to—are far more likely to become the source of a data breach compared to other businesses. Without a policy, you, your staff, your clients, and company remain vulnerable to the consequences of an information breach.

Why Create a Policy?

A document disposal policy can:

  • Help your organization become, and remain, compliant with data privacy regulations.
  • Protect your organization’s assets, trade secrets, client lists, as well as account, financial, client, and personnel information.
  • Minimize the chances of a privacy breach. Personally identifiable information (PII) is a liability that must be disposed of properly.

Without the direction provided by a document disposal policy, the overwhelming likelihood is that your staff will make mistakes, choosing to do what is most convenient or assumed to be correct.

How Do We Create or Review Our Document Disposal Policy?

  1. Designate a knowledgeable and trustworthy staff member to head up a team that oversees the creation and/or ongoing evaluation of your policy. They will also be responsible to make sure that all staff are familiar and trained in the contents of the policy.
  2. Partner with a professional shredding provider with NAID AAA Certification so you know they adhere to the highest security standards in the industry. They will supply you with locked shred collection containers so all discarded documents are kept secure until shredding. They will also supply you with a Certificate of Destruction after each shredding service to prove your organization is compliant.
  3. Clearly communicate the policy’s importance throughout all levels of your organization. Make sure all staff members understand the importance and value of it. Refer to it often and print a copy of it for each of the staff at training sessions.
  4. Schedule regular evaluations of your policy so it remains current with new data privacy laws as they are implemented or altered.

Shred Boss provides NAID AAA Certified shredding services throughout Southeastern New Mexico and will safeguard your files and destroy them in accordance to state and federal laws. For more information, simply give us a call at 575-347-4733 or complete the form on this page.