Is There a Better Way to Dispose of Client Documents Than Hiding Them Under a Tarp?
You’ve heard about following a paper trail? In 2014, The Boston Globe and the local Fox News affiliate reported that a man taking a walk in the town of Plymouth, Massachusetts, followed one to a pile of thousands of mortgage application documents. Packed with sensitive personal and financial data, the applications had been dumped in a field.
The document pile was traced to a Boston-area real estate attorney. He acknowledged leaving them in the care of a woman who owed him money. The documents were left in her barn, under a tarp … until she decided it was inconvenient. She then moved them to the field where they were discovered.
After some hounding by reporters, the attorney burned and buried the pile. But, as The Globe tartly put it, hundreds of his clients were left “wondering if their personal information could have been obtained, as the records were out in the open for anyone to access.” Even Massachusetts attorney general Martha Coakley was quoted expressing concern.
The horse-barn-tarp-bonfire approach to document storage and destruction is certainly novel. It’s not one I recommend.
In a recent Recall blog post, my colleague discussed the risks associated with a failure to protect sensitive information from loss due to a data breach. “Why take that risk when complete life-cycle management — from creation and capture until destruction — is well within your reach?”
Secure document destruction is an often-overlooked aspect of data management. Do you think the real estate attorney should have opted for an old-fashioned filing cabinet and a ribbon shredder rather than a tarpaulin in an open field? Considering the nature of the information involved, cabinets and ordinary shredders are not much better.
You see, every business collects, creates, stores and manages sensitive information. There’s no getting around it. Employee records contain personally identifiable information, financial records and health data. Client and customer transactions may involve banking or credit account data. There may be intellectual property that is valuable to your business, or documents containing another company’s information covered under a nondisclosure agreement.
Whether it is on paper records or on portable electronic media such as USB flash drives, hard drives or archival tape, data must be handled correctly. That includes the affirmed destruction of that data when it is no longer needed or when disposal is mandated. Proper disposal is required by law. It is a moral obligation you owe your employees, customers, partners, patients.
Like our lawyer friend, many businesses think they can handle the challenge of secure destruction themselves. It’s not that easy. Did you know that your typical office shredder — even a cross-cut shredder — leaves fragments that can be put back together? Throwing that confetti out with the trash is unsafe. By the way, it may not even meet legal standards.
Every business should have — some may be required by law — a written information security program (WISP) detailing how sensitive information is managed and destroyed. The good news is, information management and secure destruction services are available, including full chain-of-custody and an itemized certificate of destruction provided for your records.
With all the attention being paid to data security these days, it doesn’t pay to do it yourself. The good news is, it doesn’t cost a lot to let the professionals do it for you. Call Recall to learn how we can help.
Keep up with Recall online: