While some industries are regulated on how they must manage client information — financial institutions, medical practice, and legal offices — others follow ethical guidelines rather than specific laws. It is best practice for all companies, regardless of their business, to keep client information protected including name, address, email address, phone number, and the nature of their relationship with your company. Information that requires protection differs based on what the information is and how it could affect your client or someone else if the information gets into the wrong hands. Information security levels dictate how the information must be stored, retained, and disposed of. Here, we will discuss a few common information security levels to help you better understand how to protect the information you have been trusted with.
Classified information is any material that the government has declared as sensitive and must, legally, be protected. Access to classified information is restricted by law and granted on a need-to-know basis using a security clearance. Mishandling classified information results in legal repercussions. Classified information is broken into several subcategories as it pertains to who can access the information, how it must be safeguarded, and the destruction of the information.
Top secret is the highest level of classified information and designated to information that would cause “exceptionally grave damage” to national security or the persons listed in the information. This information must be safeguarded to the maximum using restricted print and password protected. Security clearances must be verified as well as the need-to-know prior to accessing the information. It must be stored under lock and key and must be destroyed of in such a manner that it may not be recovered — cross-shredding and incineration.
Secret information is that which could cause serious damage to national security or the lives of the people whose information is contained in the documents. This information should be limited to those who hold a secret security clearance and have a need to know. Safeguarding and destructions should be handled in the same manner as top secret information.
Confidential information is that which may cause damage to national security or individuals if the information was released to the public. Confidential information should be kept in a locked area and clearly marked as “confidential.” Destruction of the information should include methods that make the information unrecoverable. Protected health information falls into this category.
Restricted or Private
Restricted or private information is that which should not be made public. This information may be shared by members of an organization but should be protected from the public.
Unclassified information is that which would not cause damage or threaten national or individual safety if it was made public. Storage of such information does not require safeguarding and can be destroyed of in the regular trash.
Whether the information you are entrusted with will cause a threat to national security or not, it is important to remember how that information affects the person it belongs to. While you may run a delicious coffee and bagel shop and think that the information you toss into the trash is no big deal and couldn’t possibly hurt anyone, a tossed out home address of one of your customers could be just the ticket that a stalker needs to get one step closer to their prey. This is a pretty extreme example, of course, and one that isn’t as likely as some other examples of how seemingly innocent information can be misused. Criminals are devious and look for any information that can help their plans — credit card information, social security numbers, home address, even patterns, routines, and habits. It is a good idea to safeguard any information that has been trusted to you as if it was your own classified information. Use locking filing cabinets or even a room that locks to store files and information. Don’t leave other customer information out on the counter in the view of other customers. And, when it is time to destroy the information, consider shredding it!
When it comes to shredding, it is a much easier process than you might think. There is no need to sit at a shredder and insert sheets of paper one at a time. Simply use a locking collection point and hire the team at Shred 2 You! We bring our shredding services to you and can either destroy your documents on-site or securely transport them to our facility to shred them there. We use industrial cross shredders, so information will be impossible to recover. We can then incinerate or pulverize the shreds, which can then be recycled. Let Shred 2 You help reduce the clutter that is stored and help you dispose of documents of any classification level, safely. You can rest assured that you didn’t let any information leak when you let us handle your disposal! Contact us for a quote or to schedule your service today.