A Compliance Manager was concerned that the current mixture of in-house shredding and part-outsourced shredding for some departments, was a potential reputational and DPA risk. They asked The Shredding Alliance to review data practice and recommend a joined-up approach representing zero tolerance data protection breach and a better recycling and environmental outcome. Initially this was for the HQ (one of eight offices employing 200 partners and over 500 associates and consultants and other fee earners.
What we did
We reviewed site output of data (paper, electronic) and current information security practices. We recommended a combination of locked ‘auto’ consoles as well as wheelie bins for the print and post departments and an 8-week service schedule designed to minimise annual expenditure. In parallel, we helped the company introduce a shred-all paper and recycle strategy – meaning that all employees were encouraged to put all paper in secure shredding consoles for shredding and recycling. A combination of internal comms aides including lift stickers, posters and desk cards were used by the company to introduce and enforce a new culture towards paper, data risk, identify theft and keeping confidential information totally secure.
Outcome
The initiative was successful and after 6-weeks it was rolled out over 2 months across all eight offices. Since all paper is weighed, The Shredding Alliance has been able to recommend an adjusted 4 and 8-week on-site shredding service cycle which optimises collection and minimises annual expenditure. The company have accurate recycling data and they were able to convey carbon off-set and recycling statistics in their literature to underline their commitment to client confidentiality, corporate governance and environmental impact. More recently, The Shredding Alliance has been asked to handle Dry Mixed Recycling in one consolidated contract.
Case study 2 – a Local Government administrative centre (North West)
Situation
An Office Manager was concerned that staff and contractors were not always correctly selecting what paper to deposit in bins for secure shredding, recycling and general waste. The Shredding Alliance were asked to review waste management practices, outputs and recommend a solution which would protect the administrative centre and workers – complying with the DPA but maximising recycling.
What we did
We reviewed waste output by department by floor and concluded that Dry Mixed Recycling (DMR) and separated paper for shredding and recycling represented a simpler solution and maximised recycling. We installed secure consoles and locked wheelie bins throughout all departments and helped the Office Manager communicate a new data security and recycling office policy and compliance strategy. All paper is now shredded and recycled. DMR is also offered to consolidate waste and maximise recycling.
Outcome
A shred-all policy is applied to all paper which removes any decision employees and associates have to make about what is confidential or potentially commercially sensitive. Staff know that all paper is shredded and recycled. This helps the centre comply with DPA obligations, keep personal data secure, guards against identity theft and fraud. Overall recycling has increased 30% after 12-months.
Case study 3 - NHS Hospital Group (England)
Situation
An in-house Facilities Manager was reviewing information security and compliance with the Freedom of Information Act. She wanted to ensure uncompromising compliance, tightest possible data security and appropriate risk management when archiving and destroying out of date patient records and confidential information.
What we did
We reviewed departmental and central data processing and management of paper records. We recommended a combination of secure consoles, secure wheelie-bins and scheduled archive purge / clear-out service visits designed to keep confidential information secure at all times, mitigate risk, ensure compliance with all legislation and best practice and boost recycling.
Outcome
The Hospital Group got a ‘fit for purpose’ information security audit and assessment which enabled clinical teams, departments and centralised administration teams to manage data and paper records responsibly and securely adhering to BSEN15713. They moved to secure consoles and secure shredding bins wherever they were required and recommended – with all material shredded and recycled. By amalgamating secure document management and shredding, archive destruction and recycling with an ISO 9001 (UKAS approved) firm, centralised costs were lowered and the Hospital Group achieved greater peace of mind.