Information security should always be a top concern for any franchisee. Protecting your clients and the franchise’s sensitive information is important and most franchisees take information security seriously when it comes to digital documents and cybersecurity threats, but are severely lacking when it comes to the security of physical documents. Paper records are still a thing franchisees frequently deal with and unsavory people could still access sensitive information through these documents. This means your location must have a process to create and store physical documents if the franchisor does not have one.
Today is a digital age, but physical document storage and destruction is still an essential part of your security plan as a franchisee. Here are a few tips to help franchisees store and destroy physical documents properly.
Document destruction is more than throwing out the trash
When it is time to destroy important documents you can not just throw them in the trash or put them through a rudimentary shredder. Physical documents must be destroyed securely with the protection of Franchise and client information in mind. Not taking document destruction seriously will mean increased liability for the franchisee and the franchisor. It only takes one visible name or number on an important document to put the franchise and client information at risk.
You are legally obligated to dispose of sensitive information securely. The Fair and Accurate Credit Transaction Act (FACTA) requires all businesses and employees to take appropriate measures to dispose of sensitive consumer information. Shredding, pulverizing, and burning documents are considered reasonable measures.
Improperly disposing of documents can lead to penalties for your franchise. Hiring a secure document shredding company is the best way to ensure your documents are destroyed the right way so they can never be used again. Any document shredding company you hire should be NAID AAA certified to ensure a third party has confirmed they comply with all known data protection laws.
It is not recommended to shred important documents yourself, but if you do you should use a cross-cut shredder instead of a strip-cut shredder. Shredding and disposing of documents only works if you are a small franchise with a few documents to dispose of. Do not do this if you are a larger business since only an industrial shredder can deal with a large number of documents.
Hire a secure document shredding company to dispose of your sensitive documents.
Know record retention laws and company policy
If you are a franchisee storing physical documents for corporate or storing physical documents for clients you must understand the record retention requirements for those documents. Make sure you understand State and Federal record retention laws. For example, you should retain at least three years of tax records in case you are audited. HIPPA-related documents must be retained for a minimum of six years.
Jerry Dilk, Director of Business Development at secure document storage company Data Storage Centers, in Phoenix, said that knowing record retention laws is the best way to avoid exposing your franchise to unnecessary liability.
“It is so important to understand the records rules and regulations of your state,” Jerry Dilk said. “If you and your team know the requirements you are never going to be stuck without the proper documents when someone such as the IRS comes to pay a visit. Protect yourself by knowing what documents you need to store and for how long.”
It is important to note that many record retention laws vary from state to state. Here is a list of record retention laws by state that can help you out if you are unsure what is required in your state. https://brechner.org/records-retention-schedules-by-state.
It is also important that you speak with your franchisor about record retention requirements at your franchise.
Monitor documents and track who has access
It is important to know what documents you are keeping. A franchise can contain legal documents, financial documents, and even medical documents. All of these documents must be labeled and tracked separately. Don’t just put sensitive documents in a room or a filing cabinet, and ignore them for years. Create an Excel spreadsheet, word document, or other program that can show you what specific documents are being stored. A good program will let you know what a document is, who stored the document when they stored it, and when that document should be securely destroyed. A tracking system lets you streamline your document destruction and retention decisions.
All physical documents with sensitive information on them should be stored in a secure room that only a short list of approved people have access to. This means this storage room must be locked and inaccessible to a vast majority of your team. If someone goes in that room you are tracking when they entered, when they left, and why they entered that room. A controlled access plan establishes a clear chain of command in your security process and creates an access history you can track if a document goes missing or stolen. You should track anyone who enters the room but you should at least only give a key or access code to a few people. The more people you give access to the less secure the space will become. Taking the simple step of creating a secure room for your documents will improve your document security.
Physical document security is still an essential part of any franchise’s security plan. As long as physical documents exist you should take their security seriously at your franchise. Implement a security strategy that tracks what documents you have and who has access to them and you will create a document security plan that cares about client and franchise’s information.
Joe Caradonna is the owner of PROSHRED Arizona. PROSHRED Arizona is a secure document shredding service. They help businesses safeguard their private information.