Paper records need to be protected

stack of cardboards

I recently had a very interesting conversation with a prospective new client. They own a small business, with several employees, lots of suppliers and a busy retail storefront along with a thriving delivery business. As we started talking about data privacy and data protection, the business owner smiled and told me not to worry. He was old school (his words) and kept everything on paper. He doesn’t trust computers. Since nothing is on computers, and certainly not on any cloud, he said he has no data issues….I asked him where he kept all these paper records. They are in cabinets in the storage room near his office and the employee break room, not far from the door that separates the retail space to the back rooms. There is a lock for the door, but it’s convenient to keep it open during the day for busy foot traffic. Plus, several employees routinely access the files to add information and fill requests.You can probably see where this is going. The data he has collected on employees, customers and suppliers is kept in an area that could easily be breached by outsiders, or even by an employee who becomes disgruntled – either with the business, the owner or a co-worker. It’s true the business doesn’t need to worry about data breaches as we now think of them. However, the overall issue remains the same. The business is in danger of having its data compromised, and doesn’t have any procedures in place to make sure they are collecting only relevant data, and only keeping the data for as long as they need it. This owner was quite proud of the fact he has “never thrown out a piece of paper”.Data protection really has nothing to do with technology. It’s about how you handle data, how you secure data and when you dispose of data you no longer need. You also need a clear policy that explains all this to your customers, employees and suppliers. Finally, you better have a plan in place in case either someone asks to see what data you have about them (it’s probably their legal right), or what you would do if all your data suddenly is compromised; used for illegal or embarrassing purposes or lost.

In real life, most businesses have a combination of data stored on computers or in clouds, and paper records kept on certain parts of the business (likely employees and suppliers). It’s important to recognize that every business – regardless of size or storage method – should have a privacy policy in place. Equally important, more and more consumers will only do business with companies who they feel handle their data safely and responsibly.

Education is key. We are here to help you get started. There is no cost for an initial consultation.

Ian’s Insights

Leave a Reply

%d bloggers like this: