Everybody who has ever worked in an office is familiar with those relatively small paper shredding machines. What other types are there? Is there a "right" and "wrong" way to shred paper documents?
There are numerous commercial shred options to choose from including strip shred and cross-cut, however the best way to protect your organization is to utilize a professional third party Secure Destruction provider with a closed loop chain of custody process in place with stringent controls that provide “end-to-end” security. Knowing a document’s lifecycle, from creation to destruction, is the first step to a fully functional records program. Establishing what each document is and where it is located will minimize the legal risk, regulatory compliance risk and annual expense of data management and storage.
Is shredding of confidential documents mandated by law for some entities in the U.S.? If yes, which ones? Is the manner in which it has to be executed regulated by law?
The Federal Government has specific compliance standards in place which is also true in Canada. As compliance laws and regulations evolve, company policies need to stay on top of the changes. Written data security programs and plans should be administered and re-evaluated and it is important to view your policies as a living document, not a list of laws set in stone.
Although certain government agencies do have shred size particle specification requirements (some of which require NAID Certification), they are not dictated by law but rather by internal policy. Regardless of an organization’s mission, securing and managing critical documents must be a top priority across every department. The goals to keep in mind are keeping mission critical information protected from unauthorized access and destroying physical documents so that they are unreadable and unrestructable. Further impacting the need for security are the many regulations that require the storage and security of important documents such as HIPAA and HITECH (health care), Sarbanes-Oxley and GLBA (public companies, financial institutions) and individual state regulations.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.