Giving away data
We have on occasion discussed dumpster diving, and about the fact that once it is off your property trash enters the public domain. We have also discussed the importance of shredding documents (with a crosscut shredder, not a strip shredder, or having them destroyed by an outside firm. Failure to do so can expose you to liability (not to mention earning you a mention in our Competitive Intelligence, Economic Espionage, and OPSEC section).
There are five areas that you might overlook which can get you in trouble, but which can be avoided.
First, when desks and cabinets are thrown out, there are invariably documents still in them. Often these can be fairly sensitive documents. It is important that any piece of furniture that might contain information be checked by a reliable person before tossed.
Second, when people leave an organization voluntarily they tend to throw away lots of paper, with relatively little concern for its sensitivity. For those of us who feel the only paper that should be thrown out un-shredded is food wrappers, this is an area of concern.
Third, when people leave involuntarily, either from being let-go or by dying, other people eventually come in and throw things out, often with less care or knowledge than if it were their own stuff handled on a day to day basis.
The fourth problem comes when you have an outside firm destroy your documents but don’t actually check, regularly, on how the destruction takes place. As an example, it has happened that sensitive documents have been sent for disposal, and that what actually happened was that they were baled, unshredded, and sent overseas for reprocessing. If you use an outside service, know what they do with your paper, and monitor it on a periodic and unpredictable basis.
Finally, remember that a lot of data is now kept on computers which are replaced regularly. Often the old computers are thrown away or given away. Before any computer is given a new home someone should be satisfied that no sensitive data remains on the drive.