Latest news
Tim McBride serves as the Vice President and General Manager of Secure Destruction Services for Recall North America. He is focused on driving improvements in safety, security, service and efficiencies, and is responsible for exploring potential new opportunities and emerging technologies within this service line. In this interview he talks about the practice and requirements of document shredding, and the risks of doing it wrong.Everybody who has ever worked in an office is familiar with those relatively small paper shredding machines. What other types are there? Is there a "right" and "wrong" way to shred paper documents?
There are numerous commercial shred options to choose from including strip shred and cross-cut, however the best way to protect your organization is to utilize a professional third party Secure Destruction provider with a closed loop chain of custody process in place with stringent controls that provide “end-to-end” security. Knowing a document’s lifecycle, from creation to destruction, is the first step to a fully functional records program. Establishing what each document is and where it is located will minimize the legal risk, regulatory compliance risk and annual expense of data management and storage.
Is shredding of confidential documents mandated by law for some entities in the U.S.? If yes, which ones? Is the manner in which it has to be executed regulated by law?
The Federal Government has specific compliance standards in place which is also true in Canada. As compliance laws and regulations evolve, company policies need to stay on top of the changes. Written data security programs and plans should be administered and re-evaluated and it is important to view your policies as a living document, not a list of laws set in stone.
Although certain government agencies do have shred size particle specification requirements (some of which require NAID Certification), they are not dictated by law but rather by internal policy. Regardless of an organization’s mission, securing and managing critical documents must be a top priority across every department. The goals to keep in mind are keeping mission critical information protected from unauthorized access and destroying physical documents so that they are unreadable and unrestructable. Further impacting the need for security are the many regulations that require the storage and security of important documents such as HIPAA and HITECH (health care), Sarbanes-Oxley and GLBA (public companies, financial institutions) and individual state regulations.
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
