Document disposition for small businesses: the compliant way
Whitepaper
Keeping every one of your organization's sensitive, private or business-critical records indefinitely would be impossible—and dangerous. One misplaced document or a single instance of information shared over an unsecured wireless network could result in thousands of dollars in fines and untold damage to your reputation.
Everyone has that one junk drawer in the kitchen full of clutter they don’t use. While it’s trivial in the home, storing unused items is a major issue for small businesses.
From full hard drives to disorganised filing cabinets, your business information may start to become increasingly difficult to manage, store and access in compliance with regulations. The solution? Put together a defensible records disposition policy that outlines clearly what should be permanently archived and what can be securely destroyed.
Store or destroy?
Records and information management (RIM) policies on defensible disposition go hand-in-hand with records retention schedules that capture all the different records created and used in your business. Regardless of its format, your retention schedule should indicate how long each class of record must be retained to meet legal, regulatory and operational requirements.
Once a record has reached the end of its legal retention period and is of no further operational or business value, it must be securely destroyed or permanently archived.
Defensible disposition policies and practices will help guide your business compliance. Before you can decide what to keep or not, it’s important to know what you have, where it’s stored and how it’s accessed.
Taking inventory of your records, their types, formats and where they’re stored is essential. This index of records should include both physical and electronic versions as well as a map of your in-house and third-party stored record repositories.
Why dispose?
Given the rate small businesses are generating information and data, it would be pointless–not to mention impossible–to store all your records and information indefinitely. Here are the top four reasons for compliant records disposition:
- Space
Wasted space is another (unnecessary) added cost to your small business. How much do you spend on office space? How much space could be saved by emptying every filing cabinet and storing your paper records in secure, offsite facilities? - Protection
As small businesses evolve with the digital economy, data privacy and protection laws are becoming increasingly important for operational success. Keeping personal information about your customers may put your business in breach of data privacy regulations. Are you holding on to customer data you are not legally entitled to have? The fines could be an unwelcome financial surprise. - Leaks
Destroying data no longer in use guarantees it won’t fall into the wrong hands. Leaks from employees are more common than you might think. Inadvertent data disclosure can be just as damaging as a deliberate data breach. - Theft
If the data doesn’t exist, it can’t be stolen. With the steady increase of cybercrime and the vulnerabilities small businesses have, the need to protect stored data is pressing. Secure destruction is the ultimate safeguard.
What to hold on to
Sometimes, there are records that just can’t be destroyed. Typically, this includes things like evidence in an ongoing dispute or documents under a legal hold in anticipation of litigation.
Physical danger
Most employees have more than one device. Multiple phones, laptops and tablets mean more data that needs protection in more places. As device lifecycles continue shrinking, businesses need an effective, defensible asset disposition plan.