Businesses have a legal responsibility to protect certain types of data. The legislation that governs this responsibility doesn’t actually specify that certain documents have to be destroyed – it doesn’t define the security measures that a business has to use – rather how you have to treat the data.
Since risk of security breaches are high, where you don’t need to keep personal data you should destroy it. However, you are legally obliged to destroy it securely. Paper documents are best destroyed using a professional shredding service.
Find out more in our main guide to regulations.
Which documents should I shred?
According to research we carried out at Russell Richardson, a number of businesses are leaving themselves at risk by failing to destroy confidential documents, simply because the information they contain is not deemed sensitive.
The responses we obtained suggested that invoices, as well as documents detailing company organisation and structure, are relatively low priorities for shredding.
But in fact this sort of information should be considered sensitive enough to destroy securely, as should:
- documents with clients’ and employees’ personal information
- contracts and commercial documents
- office plans and internal manuals
Types of document businesses should shred
- Tax returns
- Copies of sales receipts
- Payroll information
- Bank and credit card statements
- Voided cheques
- Company structure documents
- Pricing structures
- Supplier information
- Employment records
- Appraisals and employee reviews
- Disciplinary reports
- Absence and sickness information
- Documents related to promotions
Client or customer information:
- Client lists
- Client or customer contact details
- Printed correspondence such as emails that contains information that makes people identifiable
- Photo identification documents
- Any documents containing personal information such as name, address, phone number or email address