Data Storage – Not just about good housekeeping, it’s about good corporate governance
So, it’s time to do a bit of archiving, is it? Are the boxes of files that you don’t need every day but can’t yet bear to part with building up in dark corners of the office?
For many businesses, management of paper files or data has mainly been about space – finding the square footage to keep the information safely until it had outlived its usefulness. In light of recent amendments to the Data Protection Act, however, companies have started to reconsider the implications of storing information, particularly information pertaining to individuals. There have been a number of changes to the legislation, the most significant of which is the broadening of the definition of data to include manual data held in structured filing systems, not just information held on computer systems.
This legislative change has led a lot of businesses to call into question their filing cabinets and their filing habits.
Deciding which information to keep and which information to destroy requires planning. As an important resource, the management of business information requires careful consideration and clear policies. Failure to capture, retain and protect information can have serious legal and financial implications and can lead to a loss of customer confidence through adverse publicity. Good data management has become a fundamental part of good corporate governance.
Since the huge publicity of the Enron shredding scandal, many have come to associate the shredding of documents with illegitimate business practices when, in many cases, regular destruction of confidential information in a safe and complete manner is actually evidence of good, proactive business practice. If businesses implement confidential destruction as a standard business practice and as part of a regular business programme, they are adopting best practice procedures. Although Enron did have a document destruction policy, the actions which led to the scandal were way beyond its parameters. It was never standard policy to destroy documents 24 hours a day for 17 days continuously, including Christmas Day…
In short, the changes to the Data Protection Act include:
The Data Protection Act now applies to manual and computer files
Consent will be required in all cases before a business can process personal data
Individuals will have the right to prevent businesses from using this information for a specific purpose
The Data Protection Commissioner will have the power to carry out dawn raids and privacy audits on businesses to ensure compliance
Electronic information must be backed up and stored off-site
Disposal of personal information must be done in a secure manner.
For many businesses, therefore, much of their manually filed information has essentially become more trouble than it’s worth. The wave of tribunals and recovery of confidential documentation in landfills has made the handling and destruction of documents in a correct manner more important than ever. This, combined with the scale of the task, has created opportunities for companies which specialise in the storage and destruction of data.
The key thing in choosing a supplier is to find someone you trust and someone who can meet your particular needs. There are significant liabilities involved for the data controller, so they need to be absolutely confident that the data that they are responsible for is being looked after or disposed of properly.
Many companies are now operating document destruction policies that insist on on-site shredding. This means that you will often see the shredding truck pulling up outside offices to do the job there and then. This ensures that the documents do not get lost in the shredding process and that somebody from the company is there to oversee the activity.
For the information you need to keep, the key is to take a structured, well-documented approach. Many companies are opting for off-site file storage, not because of space but because of business continuity issues. The benefits of off-site storage of data, both manual and computer system based, were underlined by Kerry Holland, a senior lecturer in the archives department at UCD, at a recent seminar in Kilkenny. “The benefits of storing documents off site were clearly demonstrated when, after 9-11, merchant banker Merrill Lynch successfully resumed operations within days as a result of copies of records and data stored off site as part of vital records protection programmes”, explains Holland. Other companies were not so well-prepared.
Other options for file storage include the electronic storage of manual files, accessible at the touch of a button over a secure web link. The initial cost outlay is higher, as all of the documents need to be scanned in; however, in the long run this type of service will prove more cost and time efficient, which provides a further push to companies to get their data house in order.
Ultimately, good data management and good corporate governance go hand in hand, and the amendments to the Data Protection legislation are a reminder of that. Often, companies end up discovering the hard way that the manner in which they store and destroy information is all-important.