Guidelines for good practice in paper disposal
Appoint a data controller
They are responsible for the control of personal data. The ICO (information commissioner’s office) should be notified of any data breaches.
Check all paper waste is being destroyed
It’s difficult to educate staff in what’s confidential & what’s not – far simpler to destroy everything. All shredded paper is recycled after destruction so the environment will benefit.
Check security/access of storage receptacles
Sacks should be tagged & stored safely. Bins/cabinets should be secure with key register
Check shredding company has relevant credentials
Any shredding company should have at least ISO9001:2008 & should be able to provide evidence of regular auditing. Off-site facilities should be checked periodically.
Collection staff should be uniformed & carry identification
Always check collection staff are who they say they are.
Check there is an audit trail from collection through to certificate
The collection docket left after the service should match up with certificate of destruction. Copies should be held on file for 2 years.
Educate staff about their responsibilities & best practice. Locate collection units in easily accessible areas & mark them clearly,