Canadian Security Magazine

How to properly destroy a document

There’s more to managing and destroying documents than a filing cabinet and the office shredder, especially in this era of flexible work



Destroying a document may sound like an unproblematic process, but if not done properly, it could result in serious security breaches. Businesses are required by law to retain confidential client, employee and company information for a specified amount of time, but many documents eventually outlive their purpose.

“Every company generates paper or digital files,” says Owen Key, director, advisory services, risk consulting, KPMG LLP. “Whether they’re emails, official records or non-official records like transitory documents — such as emails or instant messages — they have to have particular protocols or policies around destroying [them].”

Mike Borromeo, vice-president of data protection for document destruction provider Shred-it, explains that holding on to confidential documents for too long puts your business at risk of a security breach and non-compliance with privacy legislation. “How long you store business records should be determined by a retention schedule that balances each record’s usefulness with the legal requirements,” Borromeo says. “This schedule will depend on the type of business and the lifecycle of specific documents.”

Typically, documents are stored for about 10 years before a company destroys them. What surprises Mike Safar, senior product marketing manager of OpenText, is how many large companies have huge file shares, and departmental file shares — some businesses will keep the files forever. “They were very nervous about deleting content because of what’s called legal spoliation — if they got into a legal discovery situation that if anything was deleted, they were going to have a problem,” says Safar.


“The main problem that you have to solve is to understand what the content is as soon as possible so that you can get it where it’s going, or as close to where it’s going to land for the rest of its life.”

Safar adds that the company’s OpenText Content Suite oversees the lifecycle management of information across the enterprise from capture through archiving and disposition. Among its features, the OpenText Content Suite helps to ensure information governance of both digital and physical content to adhere to retention, disposition or destruction guidelines in accordance with internal policies and external regulations.

For its part, Shred-it uses an industrial shredding machine with a crosscut shredding technology that reduces paper to fine, confetti-like pieces, versus conventional strip-cut pieces that are more susceptible to outside reconstruction. “From there, shredded paper is bundled and sent to a paper mill for recycling,” Borromeo explains.

In an era of advanced technologies, most companies have transitioned to the digital space and are heavily focused on cybersecurity for protection. Boston-based Iron Mountain, an enterprise information management services company, is known for its document storage and shredding capabilities. However, in recent years, Iron Mountain made a transition as their customers began to change their behaviour.

“Over the past several years, Iron Mountain has moved more into the digital space and advanced towards more offerings around the cloud storage, secure offline storage and data recovery,” says Iwona Sikora, senior vice-president and general manager of Iron Mountain’s records management group. “If our customers choose to move completely to the digital space, we have a solution around data extraction and data analytics that help to actually unlock the value of the data for our customers.”

Even though digital documentation is on the rise, Key is of the opinion that offices will never go fully paperless.

“We’ve had a huge move towards digitization of documents and moved away from paper,” Key says. “I don’t think we’ll ever get to a paperless office, to be perfectly honest.”

While cybersecurity breaches have become a top concern, companies should still be mindful about physical documents, such as paper documents, laptop computers, and external hard drives, as they can pose similar risks and consequences to an organization if compromised, according to Borromeo.

“While the concept of a paperless office has long been talked about, the reality is that businesses still consume paper due to technical obstacles and personal preferences, such as marking up documents,” Borromeo explains. “In addition, the work-from-home trend has risen steadily over the past decade and many were quickly thrust into remote work as a result of the COVID-19 pandemic. Working from home adds another location where information can be unintentionally leaked to outside sources.”

Risks can include potential mishandling of physical documents, such as the improper disposal of confidential information, visual theft, as well as digital threats such as an unsecured Wi-Fi connection.

“We believe that security for physical and digital documents is equally important, and businesses should continue to prioritize physical security compliance to reduce risk,” Borromeo says.

OpenText has a system in which their customers are able to track their physical documents. OpenText encourages their customers to image their documents so that they are available on demand, explains Safar.

“What’s interesting is I may have to keep the original paper, and what we can do is keep all of that in one file so that when it’s destroyed, it’s destroyed together,” Safar says. “The electronics are destroyed and the rec room is also trading the box of records that go with it at the same time, so all that’s coordinated through our records back end.”

While security breaches and cybersecurity hacks have been making the headlines during the COVID-19 pandemic, it has made little impact in terms of how businesses go about destroying their digital and physical documents.

“COVID has highlighted issues in regards to controls over working from home and using VPN, and multi-factor authentication to get into your work repositories or your cloud environments,” Key says. “However, I don’t think it’s really pushed in terms of destruction. Most companies do not have mature data and document destruction policies.”

Sikora argues that from a business perspective, COVID-19 has had an impact on document management, as people have been working from home and wanting to accelerate their digital transformation.

“We have been receiving a lot of requests from our customers, where they say, ‘Can we switch the process to digital quickly?’” Sikora relates. However, says Sikora, there was still a need for paper documents to be properly managed during the pandemic.

“For example, when legal firms and their lawyers were working from home, they were asking us to deliver physical documents, because a lot of lawyers have to go through the paper,” Sikora explains. “They would ask us to deliver it directly to their homes… There was a lot of change from a perspective of destroying digital documents.”

Safar has similar sentiments to Sikora, in the sense that OpenText did not have to amend the features provided, but rather the company saw a change in how customers valued their services. When COVID-19 began, a number of OpenText’s customers began deploying laptops in the field. They turned to OpenText for their software solutions to ensure that their information was protected while on a budget.

“So the question now is, how do you capture that? How do you deal with spoliation? Some customers might, for example, be looking at the cost of COVID-19 or they might be looking at something very simple like using our [subsidiary company] Carbonite’s software to back it up,” Safar says. “Even if the user destroys the entire laptop, or loses it, or runs over the driveway, it doesn’t matter. We are legally compliant with that.”

Sikora says that the pandemic has added a layer of complexity with this remote workforce, and companies will continue to provide services based on customer behaviours and needs for document management.

“Our clients are still both using paper and digital information and they are facing an increasing complexity, integrating and transitioning across the hybrid environment,” Sikora concludes. “We at Iron Mountain are helping those organizations to go through this transition, and providing the solution that follows them.”

