A data breach is a security incident where private and/or privileged information is accessed by unauthorised persons, either intentionally or unintentionally. As of 2017, the average cost of a data breach is $3.86 million, and each stolen record could cost $148 on average. Whenever we hear “data breach”, we often think of digital data being stolen or accessed by hackers. However, data breaches can also involve paper records.
In fact, there was an incident in which a health organisation was penalised $800,000 for a paper record breach involving patients’ medical records. More to the point, when it comes to data breaches in the healthcare sector, paper record breaches are the most common type of breach in hospitals. So here are steps and ways for your company or organisation to protect its confidential documents:
Know What’s Confidential
To protect sensitive information, you have to know what counts as “confidential”. Confidential documents vary across different industries. However, the most basic and common kinds of confidential information are those that pertain to clients and customers, recipes and formulas, finances, and contracts.
Customer List and Information. It’s important for a firm or business to protect its list of customers to prevent competitors from stealing them, as well as to safeguard the customers’ privacy. Customer information such as medical data, bank account numbers, and other private information should be safely guarded, as unauthorised access could lead to dire consequences for the customer and the company.
Financial Statements. Your financial statements should be kept confidential, as they are considered trade secrets that reveal how you do business.
Operations-Related Instructions. Operations manuals, instructions, and recipes are trade secrets that should only be accessed on a need-to-know basis.
Contracts. Contracts between customers, suppliers, and vendors should be kept confidential as competitors can use them against your company or organisation.
Non-Disclosure Provisions on Your Employment Contracts and Agreements
Employees who have, or will have, access to confidential information should have non-disclosure provisions in their contract stating what they are and are not allowed to do with confidential information (whether it is in an electronic document or on paper), and that they are required to turn over confidential documents upon termination. This allows your company to legally enforce protection of confidential data and documents, and reminds employees to be careful when handling confidential documents. Additionally, a company can add a confidentiality policy to the handbook, which details how to deal with confidential information and documents, as well as how they are disposed of.
Label and Inventory
Once you’ve determined which documents are confidential, it’s important to label each document, or the folder it is in, as “confidential”. This also applies to emails: when sending an email with confidential information stated or attached, the title or subject should also be labelled as confidential. An authorised staff member should be assigned to give each confidential document a code, monitor it, and keep a list/inventory of all confidential documents so they can easily be tracked for use or in case of any suspected leak.
As much as possible, access to confidential documents should be granted on a need-to-know basis, so that only the employees and management staff who are going to read and use the documents can access them. Hard copies of confidential documents should be locked away, with only authorised personnel having the keys or key codes, while soft/electronic copies of the documents should be encrypted and password protected; the computer on which they’re stored should also be password protected and monitored.
Proper Clearance and Screening of Departing Employees
When an employee ends their contract or is terminated, there should be a proper clearance procedure to ensure that they turn over all hard and soft copies of confidential documents.
Properly Dispose of Documents
Your company or organisation should determine when and how to dispose of old or outdated confidential documents. Even though the information printed on them is no longer up to date, they still contain privileged information. A company could shred these documents or, better yet, employ companies offering confidential shredding services to professionally and safely dispose of these documents.
Data breaches cause more than just headaches; they could do a lot of damage to an organisation’s or company’s reputation, stakeholder trust, and finances. And it’s not enough to safeguard your company or organisation’s cyberspace, as data breaches can happen through paper records. So keep these basic steps and tips in mind to protect your confidential documents.