by Jesse Wilkins, Document Magazine
12-01-2006
All documents have a life cycle: from creation, through publication, to access and retrieval, to storage and archival and ultimately, to disposition. But the final step in this life cycle presents a challenge for far too many organizations. On the one hand, it seems every week there is another account of a company or governmental body and its leadership facing sanctions for destroying information. Yet, on the other hand, many organizations face problems for not destroying information, thereby leaving inappropriate, embarrassing or even incriminating documents to be found and used. So what is the answer? How can organizations come to grips with effective information management, including the final disposition of documents? What are the legal issues involved with destroying information? What about electronic documents — how do we deal with them? And how can organizations destroy their documents effectively and securely?
Destruction is NOT Spoliation… Necessarily
Before firing up the shredder, there are a couple of factors to consider. The first, and maybe the most important, is whether the organization should get rid of a particular document. In other words, what’s the consequence of destruction? Many organizations have a records management function whose purpose is to identify information with specific requirements for retention and to ensure that processes and technologies are in place to safeguard such information until destruction. However, before being destroyed, this information must meet three tests. First, is there a statutory requirement to retain information for a certain period? For example, organizations who meet the SEC’s definition of securities brokers must store certain information for three years. In fact, almost every organization is subject to some sort of statutory retention requirement. But this process gets more complicated when determining what requirements apply to a particular organization. Therefore, records managers are the information professionals charged with determining such requirements, in conjunction with the legal staff, and defining the procedures with disposition instructions to form an organization’s records retention schedule. The records managers, in turn, monitor compliance with this schedule.
Second, is the information related to any legal actions? When shredding is portrayed in film or television, the act is almost invariably related to some type of cover-up — either of official misconduct or of embarrassing implications. The legal term for this is spoliation, and Black’s Law Dictionary defines it as, “the destruction or alteration of evidence.” Yet, this definition does not note that spoliation can lead to significant sanctions, including the adverse inference instruction, which instructs a jury to assume that destroyed information would be prejudicial to the case, whoever destroyed it, and find accordingly. The duty to preserve, rather than destroy, starts as soon as litigation begins or is reasonably anticipated. In other words, clear destruction plans with the attorneys.
Third, absent either of the first two requirements, is there an ongoing business requirement to maintain the information? Potluck announcements, chain letters and photocopies of original records generally have limited business value beyond a certain period. For example, there is no specific legal or regulatory requirement to keep my PowerPoint presentations, but I hold onto them so I can reuse the information in future presentations and because attendees and clients sometimes request them. Note that I don’t keep the printed version of such presentations — that’s a convenience copy — and I dispose of it as soon as the presentation ends. In most cases, if you keep multiple identical copies of the same document, one is the copy of record, or the official copy, and the rest are convenience copies, which can be destroyed. However, the emphasis should be on identical — if there are notes or other changes between versions, each version needs to be reviewed. Here, too, the records management function can assist by providing guidelines for non-records, convenience copies, publications and the like.
Finally, is the information sensitive? Far too many people and organizations still throw away their sensitive documents — such as credit card statements — and face the nightmare of identity theft after thieves go through the trash or the outside trash receptacles of buildings to gain access to confidential data. Scrap paper, periodicals, catalogs and junk mail — all those can be discarded. Everything else should be reviewed as to whether there is any sensitive information present, such as health information, names and addresses, Social Security numbers, account numbers and the like.
In-House or Outsource?
Your organization has done its due diligence, and now, there is a pile of paper documents that needs to be eliminated. The next consideration is whether to handle the destruction yourself or to outsource this responsibility. If destroying small amounts of information, it’s much cheaper to undertake this job in-house. But if disposing of hundreds of thousands of records, or if measuring your shred by the ton, you may wish to consider outsourcing. Moreover, another option for outsourcing is to have the contracted company perform the destruction at your site — where they bring a truck and carry out the destruction on the spot.
There are hundreds of disposal vendors available to organizations. In considering whether to outsource, the usual rules apply with regards to due diligence. There should be an auditable process for destruction (some outsourcing providers allow organizations to witness the destruction of their particular documents); sensitive information should be locked to protect against accidental disclosure until it is destroyed; the facility itself must be secure; and destruction must be complete and unrecoverable. PRISM International provides a guide for selecting offsite information management, including destruction services. In addition, the National Association for Information Destruction (NAID) also offers a number of brochures and white papers on outsourcing document destruction.
The key to destruction is to actually do it or to ensure that the outsourcing company does it. Many organizations save up their document destruction for “shred days,” when all the information is gathered once a month/quarter/year and destroyed all at once. This is usually accompanied by an internal article or press release that notes how many tons of information, tape reels, etc. were destroyed or recycled. But the problem with this approach is this: Information that has been pulled to be destroyed, which sits next to the shredder or in recycle bins, is still discoverable and would need to be produced, if requested. These shred days are great for raising awareness about destroying credit card solicitations, statements or other personal or sensitive information but should not take the place of an ongoing destruction program in accordance with the records management policies and procedures.
To Shred or Not to Shred…
Today, organizations must turn their attention to the different ways in which they can reduce paper — and electronic information — into their component parts, respectively. There are a number of ways to get rid of paper; these are generally ordered from least to most destructive — and, therefore, least to most secure.
Strip shredding: These are the most common shredders found in the home and in smaller offices. Paper documents are shredded into long, thin strips (1/4” is a common width). These shredders are inexpensive and work well for smaller amounts of documents, but strip-shredded documents can be reassembled fairly easily.
Cross-cut (confetti) shred: These shred both horizontally and vertically, creating very small, thin strips that look like confetti. They are more difficult to reassemble and, therefore, are more secure, but such shredders cost more.
Pulverization: Documents are fed into a pulverizer that uses a combination of surfaces and pneumatic or hydraulic “hammers” to reduce paper into fibers and dust. The pieces are not recoverable. This must be done through a commercial vendor, either as a supplier or outsourcing solution.
Incineration: Documents are burned at high temperatures into ash. These documents are unrecoverable.
Pulping: Paper documents are ground and mixed with water or another chemical, which produces a paste or pulp. In many cases, this pulp is then recycled to create new post-consumer paper products.
The amount of information generated each year continues to explode, and for the typical organization, more than 90% of such information is in an electronic format. Electronic documents themselves don’t take up the physical storage space the way paper documents do, but, in fact, they may be stored on physical media, which will need to be physically destroyed.
Backup tapes: These can be physically destroyed in industrial shredders. But organizations may also choose to recycle certain types of magnetic tape media, in which case, the approach is to degauss them using a strong magnetic field. Beware that if the degaussing is done improperly, some of the original data may still be available. Degaussing tools are also not readily available at the local office supply store.
CDs, DVDs and other optical discs: Higher-end shredders and pulverizers can handle these media formats. But if they are in a cartridge, they may need to be removed from the cartridge before being shredded, as with floppy, Jaz and Zip disks.
Magnetic hard disk: Physical destruction is still the most secure method, but like the other approaches, results in the complete destruction of all information on the disk. For especially sensitive information on a disk, the National Industrial Security Program Operating Manual (NISPOM) recommendation is to incinerate, pulverize, shred or melt the disk AFTER first degaussing and performing a character overwrite.
The Delete Key… Doesn’t
Even stored digitally, electronic records present unique destruction challenges. When a document is deleted from rewritable media (such as magnetic hard disks and CD-RWs), the document is not actually deleted. Instead, the system marks this space on the storage media to be overwritten in some future operation. In fact, that information remains in place until it is overwritten — and depending on the technologies used, may still be recoverable using specialized computer forensics tools. But there are a couple of techniques to render information unrecoverable: forensic deletion and encryption. In the first, the sectors of the disk used are overwritten with a pattern of data a number of times. The standard most often referenced here is DoD 5220.22-M, the NISPOM.
The second approach relies on any number of different encryption techniques and algorithms. This process can be reversible in some implementations, but a common approach is to encrypt the document at the time of storage and provide the system with a decryption key. When the document is deleted, it is actually the decryption key that is discarded, rendering the document unintelligible. With strong enough encryption, the document can be unrecoverable using existing decryption techniques.
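The first technique above, overwriting a document's storage with a pattern of data a number of times before deleting it, can be sketched at the file level as follows. This is an added example, not code from the article or from any standard; the function names and the pass sequence (a fixed byte, its complement, then random data) are assumptions chosen for illustration.

```python
import os
import secrets

CHUNK = 64 * 1024
# Illustrative pass sequence (fixed byte, its complement, random); an assumption
# for this example, not the required sequence of any standard.
PASSES = (b"\x00", b"\xff", None)  # None means random data


def _write_pass(fd, size, pattern):
    """Overwrite the first `size` bytes with one pattern, then flush to the device."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if pattern is None else pattern * n
        remaining -= os.write(fd, block)
    os.fsync(fd)


def _verify_pass(fd, size, pattern):
    """Read a fixed-pattern pass back and confirm every byte matches."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data != pattern * len(data):
            return False
        remaining -= len(data)
    return True


def overwrite_in_place(path, passes=PASSES):
    """Overwrite a regular file's current contents; return the number of passes."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to overwrite: not a regular file")
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        for pattern in passes:
            _write_pass(fd, size, pattern)
            if pattern is not None and not _verify_pass(fd, size, pattern):
                raise OSError("verification failed; file left in place")
    finally:
        os.close(fd)
    return len(passes)


def overwrite_and_delete(path, passes=PASSES):
    """Overwrite first, and only then remove the directory entry."""
    count = overwrite_in_place(path, passes)
    os.remove(path)
    return count
```

An in-place overwrite only reaches the blocks the file system currently maps to the file, so earlier copies held by backups, snapshots, journaling or copy-on-write file systems, or flash wear-leveling are not touched. For those cases the physical destruction and key-discarding approaches described in the article still apply.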
Destroy with a Plan
It’s okay to destroy information — sometimes. Destroying documents that have outlived their usefulness and statutory retention requirements can free up valuable space, both physical and electronic, and make the organization more efficient. But before you fire up that shredder or Dr. Evil-sized magnet, make sure your records management and legal staff approve.
Jesse Wilkins, CDIA+, LIT, ICP, EDP, ERMM, is an expert in electronic records management issues and a frequent speaker at industry events on electronic records and email management. For more information, email Mr. Wilkins at jesse.wilkins@imergeconsult.com.