November 16 to 22, 2014, is International Fraud Awareness Week, and businesses across the UK are learning more about how to protect themselves from the impact of business fraud. Protecting against fraud means keeping confidential information safe, and also destroying it safely and securely. One problem area for UK businesses is the overall lack of awareness about the type of documents and information that should be classed as confidential. Not understanding what information is confidential leads to this information not being properly destroyed, which raises the risk of identity theft and fraud.
Data and Documentation on Employees and Customers
Many businesses in the UK do not believe that they have any information that could be classed as confidential. If a business is not a law firm, or an accountancy firm, people believe that the information they deal with is not deemed sensitive or confidential. However, all businesses – whether they sell mobile phones or cupcakes, or offer services from gardening to business consultancy – have material and documentation that is classed as confidential under UK data protection law. This information includes all personal and professional information about people, including employees and also clients and customers. Keeping a file of casual employees with their addresses and telephone numbers is confidential. Keeping printed-out emails with customer addresses and orders is confidential. Records of employee disciplinary actions and comments on employee work quality are confidential.
Most businesses will probably be aware that the financial details of customers and employees are confidential, including credit card details, bank details, and payment details. The risk of being fined and suffering the huge reputational damage associated with customers’ credit card details being lost to criminals means most companies put security procedures in place to combat payment fraud. But do you securely destroy client invoices when they are not in use? How about detail related to employee bonuses? A system of Confidential Shredding, says simplyshred.co.uk, must be put in place for any material that contains any financial detail relating to other people.
Employees Leaving the Company
Businesses are at particular risk of confidential data theft when employees leave the workplace – often under negative terms, for example if an employee is made redundant. Data that is classed as confidential, which is often taken by disgruntled employees or ex-employees, include client lists, patents, forward-looking business plans, research into competitors, and other information that is not routinely treated as confidential in the workplace when employees are putting together reports or documentation. It is important to be aware of which data could be sensitive when removed from the office, and keep it under lock and key. Again, a confidential shredding system is important so that materials and paperwork that may not be needed anymore are securely destroyed and are not left on desks or in filing cabinets. If you wouldn’t want to show the documentation to your major competitor, you shouldn’t leave it in a pile on your desk or take it home with you in your briefcase.