Create a document management policy. Identify the types of documents considered confidential and identify who will be responsible for enforcing the policy across the organization. Collaboration between the business, legal and IT departments is essential. Establish who should have access to sensitive information and protect files with passwords. Lastly, implement and distribute guidelines and procedures to all staff members to eliminate any confusion.

Set a document retention schedule. Identify a retention schedule based on legal requirements and internal company policies. Organizations often hold on to records that are no longer needed, which take up valuable storage space and cost money that could be applied to another aspect of the organization.

Train employees and provide ongoing communication. Educate and explain the records management program to all employees and provide training programs to ensure protocol is followed. At least once a year, conduct a review to stay current with any changing laws. Also, audit each business group to ensure consistency across the organization.

Once records are no longer needed, it is important to shred all confidential and sensitive information. Partner with a secure shredding provider that is AAA NAID-certified and PCI-DSS compliant to ensure privacy, security and compliance. A provider will place secure shredding containers in accessible and identifiable locations to make it secure and convenient for all employees to properly shred documents that have reached the end of their useful lives. On a routine basis, the provider will collect the confidential paper and securely shred all paper on or off-site depending on the preference of credit union management. Once shredding is complete, a certificate of destruction will be provided for a legal audit trail.

Hosting a shred event at your business not only helps you protect against identity theft, it is a great marketing tool to reach new members and is a service you can provide to existing members. Shredding events are often one-day events held over the weekend where community members are invited to bring their old tax returns, credit card statements or other documents containing sensitive information to be securely shredded onsite by a document management provider. You can also look for opportunities to leverage your shred event and build awareness for identity theft. While these events generate awareness of proper document management techniques and provide community members with a secure method to safely dispose information, it also provides them with the peace of mind that their sensitive information will not end up in the wrong hands.

A data breach can wreak havoc on a credit union, resulting in financial penalties and damage to its reputation. By implementing a secure document management program, you can help ensure that your business' data does not fall into the wrong hands. By partnering with a secure document management provider that can help you host community events that educate members and prospect members about the document management best practices, you help can ensure that your community–and business–is protected. 

Ed Delamater is senior director of operations at Cintas.
Contact 603-595-2033 or [email protected]