Firms lack document disposal policies

Many small to medium sized enterprises (SMEs) were also unaware or up-to-date with current data protection laws on the issue, the study by Coleman Parkes revealed.

The researchers claimed that 56% of the UK's 3.9 million SMEs did not have a fully documented policy for the secure disposal of key information, and that an "alarming" 14% had no policy in place at all.

Tyron Hill, senior product manager for office equipment firm Fellowes, which commissioned the study, warned that criminals were taking advantage of lax document security.

He said: "The ideal of the paperless office has yet to become a reality. In fact, it seems we are using and disposing of more paper today than ever before.

"With increased communication in all forms, we have seen increased rates of corporate crime. Now with criminals using 'bin raiding' as a way to access corporate and personal information every company's rubbish is a potential security risk."

'To do list'

Despite the lack of formal procedures put in place, 49% of those questioned for the study said they believed that identity fraud was increasing.

Stephen Alambritis of the Federation of Small Businesses said that simple lack of time and the growing burden of regulations were partly to blame for small firms not having proper procedures in place.

"Small business owners must do two full time jobs - run their firm and also comply with ever increasing regulations and red tape," he said. "With so much to do and so little time to do it the tasks of securing confidential information and implementing a formal document disposal policy can end up on a busy owner or manager's to do list.

"However, it is worth remembering that invoices, bank statements and even headed paper can all be used for fraudulent means if they get into the wrong hands. Systematically shredding all unwanted documents will dramatically decrease a small firms exposure to corporate fraud and identity theft."

Only 49% of companies questioned for the study said their knowledge of the Data Protection Act was "detailed and fully up to date" while 24% admitted their knowledge needed "brushing up".

Shred carefully

Mr Hill added that firms should apply "three simple steps" in order to "kick-start a policy professional disposal of sensitive information."

He explained: "Making staff aware of the types of materials that can potentially lead to a breach of security is paramount. Often people are surprised to learn that every day office documents including headed paper, letters with signatures and invoices can all provide valuable information about a company or person that can be pieced together to make a fraudulent transaction."

"Most importantly of all, invest in a paper shredder and ensure any documents that contain details of financial transactions or personal information are shredded before they reach the rubbish bin."

Earlier this year the British Security Industry warned that the shredding of documents was "a more complex process than most people realise." It said it was important that documents were shredded to a size at which details could not be extracted.

It added that when it came to using data destruction firms to carry out shredding and other processes, firms should use companies meeting the BSIA's code of practice for information destruction, and which conform to ISO 9000 incorporating the British Standard for vetting of personnel.