The workplace is a repository of valuable personal information. Social security numbers are linked to names and birth dates: tantalizing data bits for thieves intent on accessing these records for fraudulent use.
Identity theft has become so rampant nationwide, victimizing millions of consumers and causing billions in business and personal losses every year.
Technology has made it easier to access, organize and transfer information; but much more should be done to prevent personal information from falling into the wrong hands. Protecting personnel records should be among the priorities of businesses because they can become liable for a security breach that compromises sensitive information.
Hiring and retention of employees require the collection and verification of personal information of applicants and employees. Social security number, driver‘s license and passport information are routinely kept on file. As it stands, businesses are accumulating too much information about personnel, some of which are never used.
Determine how employee information is utilized. Delete information that is not needed and related documentation should be discarded properly.
These days, personnel data can be stored electronically or in the traditional way using hard copy in filing cabinets or file boxes. Electronic data are secured through encryption and password protection of files.
Traditional data storage poses a security challenge as it requires more stringent measures to safeguard documents. There is always a concern that routine practices such as making photocopies and sending facsimiles of records containing confidential information can lead to unintended leaks.
Data Access and Distribution
It is important to make sure that information can only be accessed by personnel who are cleared for the task and who have a legitimate reason to retrieve the data. In addition, office policies should define which information can be disseminated without breaching privacy policies.
It is common practice to use social security numbers as employee identification numbers and health insurance policy numbers. This practice increases the risk of data theft. Some states have legislation in place that discourages public display of social security numbers on office documents such as daily time records and identification cards.
Businesses should have a policy in place to dispose of confidential records that are no longer needed.
Delete electronic records but ensure that storage media is carefully sanitized to render sensitive information unreadable. Records containing identifying numbers and protected health information should be destroyed in such a way that the information can no longer be retrieved by any means.
For storage media that will still be in service including hard drives, overwrite the information until no longer readable to eliminate the risk of fraudulent retrieval. Typically, a third-party application is needed to securely delete files and reformat the drive.
Hard copies and all printed forms should be destroyed and disposed of carefully to prevent data breach and comply with privacy laws.
When to Hire a Paper Shredding Company
With technological innovations in the fields of data handling, more companies are turning to electronic storage to facilitate seamless information sharing. Migrating from printed records to electronic data will require the services of a professional paper shredding company who will have the equipment needed to handle a massive volume.
Furthermore, periodic document destruction should be part of a records maintenance protocol to ensure compliance with privacy regulations and to eliminate paper files that take up valuable office space.
Ensure that documents are digitized and catalogued before tagging the printed version for destruction.
At the outset, use the services of a company that will shred on-site with mobile equipment that can be used inside the office or on the premises with a truck-based shredder. This will minimize chain-of-custody issues and simplify the process.
When documents slated for destruction can only be processed in the shredding company’s industrial-grade equipment, they should be kept in lock boxes, transported by GPS-monitored trucks and shredded in a secure facility. Obtain a Certificate of Destruction after the job is completed.
Full-service shredding companies will also destroy storage media including hard drives, compact discs, digital video discs and external drives.
Safeguarding Data is Mandatory
The work place is a gold mine of personal information. Companies that collect information are accountable for safeguarding these data through secure storage and information handling policies that limit who can access the records and how the data is used and discarded. Securing confidential information is good business practice as it protects employers from liabilities and business losses while minimizing the risks of identity theft for its employees.