The Panama Papers is the latest mega data breach where millions of confidential documents from a Panamanian law firm were leaked, exposing offshore bank accounts – and possibly tax havens – for wealthy clients.
In light of this recent breach, “I think we need to change the fundamental design of the way each and every document is created and managed,” commented Bill Anderson of cyber security company OptioLabs in a cnet.com story about the Panama Papers.
While there are many aspects to data security, a sound document retention policy is one of the most important. Knowing which confidential documents to keep and which ones to permanently destroy should be of concern to everyone. Maintaining a clean desk policy will also help minimise the risk of confidential documents getting lost with other data.
This high-profile case may sound like something that won’t happen to you, but the chances are that the data breach occurred through improper use or destruction of data. All it takes is one wrong move for all your data to be accessed.
Below are some document retention policy guidelines to help keep your information secure.
- Information Audits: Use audits to identify the types of documents the business produces, and to create an inventory and keep it updated.
- How Long To Keep Tax Records? There are two parts to data retention: how long documents will be useful to the business, and how long they must be retained based on government and industry requirements. Check with Revenue.ie on how long to retain your tax returns.
- Fines – either way: While it’s the law to keep certain documents, if you retain a record for too long you might also expose yourself to litigation risks and fines. Like most privacy laws, Data Protection Act compliance stipulates that the record must be securely disposed of when the official retention period is over.
- Emails: Records are paper files, digital documents, and correspondence including emails. According to wired.com, the Panama Papers leak included more than 4.8 million emails (as well as 3 million database files and 2.1 million PDFs). If emails don’t serve an important business or legal use and aren’t subject to regulatory compliance, delete them within the appropriate time frame.
- Controlled Access: Index all documents for easy retrieval. Store them in a secure, locked location and/or in a password-protected file. Control who can access sensitive documents and log when this information has been accessed. Storing unwanted documents increases the risk of a data breach and adds to clutter.
- Secure disposal: The only acceptable way to discard paper or digital documents when they are no longer needed is to completely destroy them. Industrial shredding companies can dispose of large quantities of documents, and outsourcing eliminates risk. Partner with a reputable shredding company that has a secure chain of custody process for information destruction. A Certificate of Destruction will document compliance and should be issued after every shred.
At Security In Shredding, data security is as important as confidential data destruction. An on-site or off-site service is available throughout Ireland. Please visit our site for more information.