Most credit unions keep sensitive personal information in their files–names, Social Security numbers and account data–that identifies customers and employees. When sensitive data falls into the wrong hands, it can lead to fraud and identity theft.
Managing the destruction of customer and employee records is critical to protect information from falling into the wrong hands. Not only can a data breach impose a major inconvenience on members of the credit union and cost thousands of dollars in fines, but it can also diminish a financial institution’s reputation and credibility. Bad publicity, legal fees and law suits can cost your business millions of dollars. According to the Ponemon Institute, in 2010, the average cost per breach for a business was $7.2 million, compared to an average per-incident cost of $6.75 million in 2009.
The first step in implementing a document management program is researching and understanding pertinent data privacy and protection laws and regulations. In addition to federal and state laws, depending on industry, businesses may need to comply with other laws such as the Fair Credit Reporting Act, the Fair Accurate Credit Transactions Act, the Sarbanes-Oxley Act and the Payment Credit Industry Data Security Standard.
Once you’re aware of compliance standards and your data, you are ready to implement a records management program and policy. The most successful programs unite people, process and technology.
Create a document management policy. Identify the types of documents considered confidential and identify who will be responsible for enforcing the policy across the organization. Collaboration between the business, legal and IT departments is essential. Establish who should have access to sensitive information and protect files with passwords. Lastly, implement and distribute guidelines and procedures to all staff members to eliminate any confusion.
Set a document retention schedule. Identify a retention schedule based on legal requirements and internal company policies. Organizations often hold on to records that are no longer needed, which take up valuable storage space and cost money that could be applied to another aspect of the organization.
Train employees and provide ongoing communication. Educate and explain the records management program to all employees and provide training programs to ensure protocol is followed. At least once a year, conduct a review to stay current with any changing laws. Also, audit each business group to ensure consistency across the organization.
Once records are no longer needed, it is important to shred all confidential and sensitive information. Partner with a secure shredding provider that is AAA NAID-certified and PCI-DSS compliant to ensure privacy, security and compliance. A provider will place secure shredding containers in accessible and identifiable locations to make it secure and convenient for all employees to properly shred documents that have reached the end of their useful lives. On a routine basis, the provider will collect the confidential paper and securely shred all paper on or off-site depending on the preference of credit union management. Once shredding is complete, a certificate of destruction will be provided for a legal audit trail.
Hosting a shred event at your business not only helps you protect against identity theft, it is a great marketing tool to reach new members and is a service you can provide to existing members. Shredding events are often one-day events held over the weekend where community members are invited to bring their old tax returns, credit card statements or other documents containing sensitive information to be securely shredded onsite by a document management provider. You can also look for opportunities to leverage your shred event and build awareness for identity theft. While these events generate awareness of proper document management techniques and provide community members with a secure method to safely dispose information, it also provides them with the peace of mind that their sensitive information will not end up in the wrong hands.
A data breach can wreak havoc on a credit union, resulting in financial penalties and damage to its reputation. By implementing a secure document management program, you can help ensure that your business’ data does not fall into the wrong hands. By partnering with a secure document management provider that can help you host community events that educate members and prospect members about the document management best practices, you help can ensure that your community–and business–is protected.
Ed Delamater is senior director of operations at Cintas.
Contact 603-595-2033 or email@example.com