Thinking about document security can feel a little like diving down a rabbit hole: Considering one need often leads you to think of another. Whether your concern is regulatory compliance with HIPAA or FACTA, or simply maintaining the privacy of your clients and staff, identifying and cataloging all potential instances when shredding might be appropriate quickly becomes cumbersome. That’s why taking the opposite approach – with a simple, easily-implemented “All Shred” policy – can be faster, more effective and maybe even less expensive.
All-Shred Policy Simplicity
An “All-Shred” policy is just as it sounds. It directs everyone in your organization to dispose of all business documents that are no longer needed in secure containers for shredding. While this may sound extreme, in reality it might be the more conservative approach. Given the penalties for regulatory noncompliance, the potential liability with a data breach, and the business risks of accidentally disclosing sensitive information internally and externally, saving money by skimping on document security may be false economy indeed.
The beauty of an all-shred policy lies in its simplicity. Instead of listing every type of document you would like shredded, your all-shred policy can be as simple as this:
“All paper documents being discarded as waste across the organization – except for unaltered newspapers, magazines and non-personalized printed advertisements – must be disposed of in secure containers for shredding prior to disposal and recycling. If in doubt, please shred.”
Easy to Communicate & Follow
This type of policy is easy to communicate and understand. And though it will likely result in a greater volume of material to be shredded, it all but eliminates the valuable employee time spent dithering and debating over whether or not to shred individual items. It also removes much of the human error from the process, so documents that employees “didn’t know” were sensitive won’t accidentally end up in the wrong hands.
What To Consider
Of course, implementing an all-shred policy may require thought beyond the policy itself, including:
- Determining which documents should be kept and which ones can be safely discarded.
- Ensuring that information you need is captured and stored electronically before disposing of paper documentation.
- Deciding how and when to dispose of electronic and other non-paper types of data.
- Creating specific processes for disposal of documents covered by HIPAA, FACTA or other regulations.
- Identification of significant forms of paper waste to be excluded from shredding.
- Establishment of workable systems for collecting, storing and disposing of shreddable waste.
A shredding policy is only as good as its execution. If your policy isn’t comprehensive, universally understood and easily executed, gaps are inevitable. By implementing an all-shred policy throughout your organization, you minimize confusion and – along with it – potential gaps in your company’s security.