No matter the size of your business, when dealing with customer and employee information you must have strict physical document security policies in place. It’s the law. If a breach were to occur and you were to be reported to the Canadian Privacy Commissioners office, your business could be facing some large fines for non compliance and bad press which could lead to a loss in customers and revenue.
This is why it’s so important to implement physical document security policies within your business.
Here are 8 things you can do to ensure physical documents are kept secure in your workplace:
1. Limit Access to Physical Documents
Storage cabinets and store rooms must locked and access be limited to a select few individuals who need the information to do their job.
Outsiders in the office must always be supervised so as to ensure that they don’t mistakenly or deliberately breach document security measures.
2. Don’t leave sensitive information on the printer for anyone to pick up.
If you print to a shared printer, immediately retrieve your document. You want to ensure that only those that should see sensitive information within your business have access to it.
If you scan and email sensitive documents, ensure data is encrypted and that the printer removes archived files on a regular basis.
Not many people know, but your office printer has a hard drive that saves all print and scan jobs on it. Clearing this information regularly prevents access and destroying your printers hard drive at the end of it’s life is also necessary.
3. Create policies for how long you should keep documents.
Know the laws on how long you need to retain your business information. Once the documents have reached the end of their useful life, destroy them promptly
4. Consider using a Records Management company
Depending on your industry and how long you must retain documents for, it may make sense to store them offsite at a proper Records Management Facility. The purpose of this is twofold:
- You can save space in your office
- You know your information is completely secure as these facilities have very comprehensive security protocols
Don’t worry, if you do use a Records Management company, you are able to easily access your documents when you need them! In fact, most companies will either scan and email the documents you need or deliver them to you.
5. Shred All Unnecessary documents
Create a policy that ensures your employees shred all paper information. Deciding which documents are sensitive and need to be shredded and which are not can be subjective. Implement a policy that ALL paper documents are destroyed can remove this risk.
Once a document is no longer needed, destroy it right away. When unneeded documents sit in your office for long periods of time runs the risk of them being discovered by unauthorized people and could result in a breach.
Make sure important paper documents are not tossed into the recycling bin but placed in the shredding bins instead
6. Use a reputable shredding company
Instead of having your employees shred documents themselves (which can be time consuming and inefficient) hire a reputable shredding company that can come to your office and shred on a regular basis.
7. Share your Internal Policies and Provide Training
Be sure to share your internal policies with your staff and provide training so that everyone is well aware of the expectations and the risks.
8. Regularly audit your policies to ensure compliance
A few times a year, do a physical audit of your document security policies. For example,
- Do you see sensitive data within the area of the printer?
- Are there old documents that are now passed their useful life that need to be shredded?
- Are physical documents being locked up on a regular basis?
- Are employees placing all paper documents in the shredding containers or is there sensitive information in the recycling bin?
If you find that your employees are not following the guidelines that have been set in place, then it is time to provide further employee training so employees can understand and better follow the workplace policies.