With many workers away from the office, confidential information and data is at higher risk of a breach. And with 66% of home workers admitting to printing work-related documents since they began working from home, Shredding and Records Management company Go Shred has collated its top tips to improve document security outside the office.
1. Understanding what is confidential
When it comes to confidential information, it’s important to consider GDPR regulations. At its core, GDPR concerns the ‘integrity and confidentiality’ of personal and sensitive data.
When thinking about how to keep information and documents secure when working from home, it’s worth going back to basics and speaking to employees about the types of data processed within your organisation.
The main types of documents you need to consider improving security on are those that contain personal and sensitive data about customers, the business and each other:
- Documents containing personal information about staff and customers are classified as confidential. Under GDPR ‘personal data’ means ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
- You should also consider any documents that contain sensitive data. The GDPR rules refer to sensitive personal data as 'special categories of personal data'. This category of data can cover everything from an individual’s race, to politics and genetics, and therefore needs extensive protection.
- Don't forget sensitive business data, which means any documents that may be considered as commercially sensitive or require additional security measures. These include information relating to intellectual property, office plans, office IDs, internal procedure manuals and client contract details and commercial documents, including invoices. 30% of home workers print items including contracts and commercial documents.
For businesses, both online and paper-based data breaches can result in hefty fines – up to 4% of annual turnover by the GDPR. In certain cases, prison sentences can be imposed. A confidential waste disposal policy should form part of a business' records management policy. If employees are clear about how to handle confidential waste, security breaches will be much less likely.
2. To print or not to print
Interestingly, 41% of homeworkers recently stated they are aware of the GDPR rules and regulations around printing confidential documents related to work outside the workplace, but they have no choice other than to print at home.
The poll also revealed that homeworkers are printing five documents every week on average. That means that since the government first advised against all unnecessary social contact on 16 March 2020, homeworkers have potentially printed an average of 235 confidential documents to date.
Businesses need to be aware that printing anything from meeting agendas to expense forms, CVs and internal documents could put them at risk of breaching GDPR regulations. Business leaders should consider how they can work with their existing confidential waste management companies to support the correct disposal of these items, with products such as mini shredding bins and remote collection now available.
3. Secure storage
Where the printing of documents containing confidential information is unavoidable, the physical documents need to be secured safely. This means they must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.
With regard to personal data, Article 5. 1.e of the GDPR clearly lays out the principle of ‘storage limitation’, and says personal data should only be kept for as long as is necessary to fulfil the purposes for which the data is being processed.
It’s advised that businesses review their existing GDPR guidelines and refresh these based on the risks faced when working from home. Staff should be encouraged to only store information they have printed in secure locations that cannot be accessed by anyone other than themselves. They should not be left in plain sight or even read in clear view of anyone else outside of the organisation.
4. Confidential waste bins
If sensitive documents need to be disposed of, this also needs to be done securely. They should be shredded or placed in a confidential waste bin. In order to keep this information safe, all confidential waste must be disposed of, collected and then destroyed separately, before it can be recycled.
If businesses have supplied their staff with confidential waste bins for their home offices, they should then be collected and sealed in security bags prior to shredding or collection by a waste contractor. When it comes to the destruction and management of secure information, it’s vital to work with a company that works and operates to the most stringent and appropriate standards. Key certifications and accreditation to look out for include ISO:9001:2015, EN15713:2009, Environment Agency Waste Carriers License and Information Commissioner’s Office Certificate.
5. Keep up to date with cybersecurity threats
Businesses should also consider how to keep documents and sensitive information safe online. Whilst many staff members are working from home, accessing digital documents can open them up to new hacking risks.
For any information that’s stored digitally, it’s essential to control access by using passwords, firewalls and encryption. This should also be considered for any information that is held on hard drives or USBs.
When using passwords to control access to confidential information, they must be secure and updated regularly. Sensitive information should also only be accessed via a secure internet connection on approved devices. Requiring employees to connect to the same server they would in the office to access or via secure online document storage solutions, such as Google Drive, is one way of protecting the information from unauthorised access.
For more tips and tricks of keeping documents safe when working from home, visit Go Shred.