Whether the result of unauthorised access to a company laptop or the loss of sensitive paperwork, a data breach is a data breach.
And when it comes to complying with GDPR requirements and reducing the risk of personal data breaches, paper should be as high a priority as digital. But we can often hear plenty about digital data protection while sensitive documents appear to be lower on the list.
Unless paper is always factored in by organisations as part of reviewing and updating their GDPR policies, there is every chance they’re risking a hefty fine.
Data breaches reported in the last few years show why paper-based data should be treated with as much care as digital, and that organisations of all sizes need to take note.
Between 2017 and 2019, the Crown Prosecution Service was reported to have experienced 1,378 unauthorised disclosures of confidential data. With 223 of these incidents considered to be a serious data loss, the figures included the loss of paper documents as well as digital devices.
The CPS also reported 172 incidents of loss of electronic media and paper documents from secure government premises, and the loss of 53 paper and electronic documents from non-government premises in the most recent financial year.
Among the ways of keeping paper data safe are secure storage, responsible printing and effective shredding:
Leaving confidential papers or folders on desks for colleagues to review or action when they get back to the office is a big no-no.
And the days of letting paperwork pile up on our desks should be well behind us, particularly if these documents contain personal data.
All confidential paperwork should be kept in locked drawers, in filing cabinets or storage boxes when it isn’t in use.
Documents should only be taken off work premises when strictly necessary, and then in lockable luggage.
Another risk area is the unsecured printer.
Stored print jobs, network printing, insecure settings, lack of centralised control and accessible output trays are just a few factors that can see print outs end up in the wrong hands.
Output trays are an easy way for sensitive data to fall into the wrong hands. All your printers should allow ‘pull printing’ only, so that documents can only be retrieved by their owner.
Settings should also be restricted to admin-only access so that permissions cannot be changed by anyone unauthorised.
Secure destruction is the vital last step in looking after confidential paperwork through its lifecycle.
Documents should be destroyed as soon as they are no longer needed, using a micro cut or cross-cut shredder. Organisations should have clear retention and destroy policies in place, setting out for how long different types of documents need to be kept and when they should be shredded.
For more information
View our Security flip book