Printer Friendly

Security goes green.

Security Goes Green

AN EXECUTIVE AT A LARGE CORPORATION drafts a proposal for a new high-tech product. An assistant makes copies of this proposal, then discovers several typographical errors in the text. The assistant informs the executive of the errors and generates correct new copies. The assistant then puts the old copies in the recycling bin in the hallway.

Later that day, an employee from the corporation's recycling contractor picks up the wastepaper. When the recycling employee leaves the area, he passes the proposal, which contains proprietary information, to a representative from a competing company.

Why and how did the recycling process at this corporation turn from an environmental benefit to a potential disaster for the company? Moreover, how can a security manager help his or her organization do its part in the recycling effort while maintaining a secure environment for its sensitive information?

Recycling waste material is an integral part of today's environmental movement and is likely to remain a way of life in the future. American businesses generate 40 percent of the waste in the United States, 80 percent of which can be recycled.(1) A recycling program can be effective, but it also must be developed and implemented carefully. One of the key concerns relates to the type of information an organization generates.

An organization should begin a recycling program by evaluating whether any of the information it wishes to recycle is confidential, proprietary, or sensitive. "Part of the problem with recycling is that when the information goes into the recycling bin, people think the information is safe. In reality all the information may be sorted through, explains Richard J. Heffernan, CPP, chairman of the ASIS Standing Committee on Safeguarding Proprietary Information.

In 1988, the US Supreme Court ruled that Fourth Amendment protection against unreasonable searches does not apply to garbage left for collection.(2) Consequently, anyone can sort through a company's garbage, or in this case the company's recycling bin, and claim material as his or her own. Indeed, once the papers is in the trash, it has little or no protection.

The security manager in an organization must determine what papers or types of papers actually require destruction before being recycled. According to industry experts, once the company has defined the types of sensitive information it possesses, it should evaluate the several options available for safeguarding the information before recycling it. A company may choose to use an in-house method of document destruction, hire an outside service to destroy papers, or simply do nothing to destroy sensitive information before it is recycled. The security manager should examine each option carefully and choose the one that suits the needs of the particular organization.

In-house document destruction. Referring to preliminary results of an ASIS technology theft survey, Heffernan notes that many respondents said they had trouble safeguarding information against insiders. In the past, a company may have burned paper to ensure destruction of information. However, for environmental reasons, this method is not commonly used today.

The main way to destroy information is to use one of two different types of paper shredders--straight-cut or cross-cut. In either case, shredding is often the most secure method of destroying information. In these cases the company assumes the responsibility for destroying their own documents.

A straight-cut shredder, as the name implies, cuts paper in straight, thin strips of varying widths. A crosscut shredder cuts paper twice, with the result being small, confetti-like pieces. "If a company is extremely sensitive about their information, they would want to cross-cut it," says Ralph Mercogliano, a representative of C. R. Resources. A distributor for Kutter paper shredders, C. R. Resources also helps implement recycling programs by arranging for outside vendors to pick up recyclable paper that has been shredded.

However, an organization should first ascertain whether its type of shredded material can indeed be recycled. Alan Mitchell of Earthworm Inc., a nonprofit recycling service in the Boston area, notes that some recycling vendors may not accept shredded paper--particularly crosscut paper--for two reasons.

First, shredded paper is a low grade of paper in that contaminants such as carbon paper cannot easily be separated from it in the recycling process at the paper mill. Second, if the pieces of paper are too small, when they come out of a pulping machine and are sprayed over a screen to be rinsed, they may fall through the screen. In any case, an organization may want to be certain that the shredded matter it produces can be recycled. If not, the shredded matter might be able to be used as packing material.

Because Earthworm Inc. often works with such customers as medical institutions and law offices, which require confidentiality of documents but may not have paper shredders, it has other methods for keeping information secure. A client can store sensitive documents onsite in a locked recycling container and then have Earthworm, or a vendor the company works with, bring a shredder there to destroy the material.

Banks, high-tech companies who do work for the government, courts, and business storage companies are other types of organizations that need shredders, says Don Turner, a representative of Shredex Inc. Because of their large amounts of shredded material, "Some companies may even need a conveyer type of system," says Turner.

If a company decides to shred certain materials on-site, it should address what size of shredder to purchase as well as where the shredder should be located. John Wagner, president of Allegheny Paper Shredders, observes that while some small shredder units are more popular than in the past, the demand is growing for larger units that can handle high-volume shredding.(3)

Shredex's Tony DiGiovanni adds another dimensions: "Styling is becoming more important as shredders take their place in the front office. Users are leaning towards compact, well-styled models."(4) ASIS's committee chairman Hefferman notes that people tend to shred their papers on a more regular basis if the shredder is in a convenient location. He suggests putting shredders in the actual offices that generate sensitive information or next to photocopying machines. Heffernan adds that staff time, maintenance and equipment costs, and dust and noise produced by the shredders are several disadvantages of in-house document destruction.

Out-of-house document destruction. Many organizations that recycle choose to have all their unshredded paper--sensitive and nonsensitive--picked up by a recycler. In this situation the client might assume the recycler is secure; that is not always the case, however.

The recycler's operation and building sites should be carefully checked. Heffernan recommends the client request the option of visiting the recycling facility unannounced to ensure the facility's physical security. These visits and checks should be made constantly. Heffernan also advises that clients "periodically check to make sure the [recycling or disposal] company is fulfilling its obligation regarding sensitive material."

As an added measure, an organization may want to follow the recycling contractor's truck to guarantee the security of confidential or proprietary information. Also, it pays to make sure the recycling company's other clients are not competitors. Compared to in-house document destruction, a company that uses an outside service or recycler may have lower disposal costs and find that the entire program is easier to implement.

Recycling companies may also be bonded. This means that the baled paper stored at their site is insured against theft. Charles W. Poland of Environmental Recycling Inc. explains that some recycling companies issue an affidavit for all material that is destroyed. This affidavit describes how and when the material was destroyed.

J. Rodney Edwards, vice president of the Paperboard Group at the American Paper Institute, explains that typically, through external services, companies that generate large amounts of sensitive information send all their paper waste to paper stock plants. About 1,400 of these plants operate in the United States. At these plants the material is torn into large shreds, baled with hundreds of pounds of other paper, and then sent to paper mills for recycling.

At the paper stock plants, the shredding area is commonly secured behind fences. When the shredder is in operation, the area is guarded by a security officer. When it is not in operation, the whole area, including the paper, is locked up.

To maintain a secure environment, Poland advises that people searching for contaminants, such as colored paper and carbon paper, at a recycling facility not be allowed to sort through paper unattended. Poland also says some companies use locked containers on-site to protect proprietary information from insiders before it is taken away by the recycling company.

No document destruction. Some companies may choose not to destroy sensitive waste information. However, to refrain from destroying confidential or proprietary information before it is recycled is to ignore several potential risks. According to Heffernan, not destroying sensitive material before it is recycled

* exposes the company to litigation,

* breaches clients' confidence,

* increases disposal costs, and

* gives an unearned advantage to competitors or outside forces.

As government regulations become more strict, businesses that do not already recycle paper products may be required to do so. Fortunately, there are a number of ways in which organizations can effectively secure their wastepaper as well as play a role in safeguarding the environment.

(1)James S. Pond, "Special Report," Today's Office, March 1991, p. 35. (2)California v. Greenwood et. al., U.S. May 16, 1988. (3)Eileen McCooey, "Concern About Document Security Helps Spur Shredder Sales," Office World News, February 15, 1989, p. 16. (4)McCooey.

Jennifer Kornegay is production editor of Security Management.
COPYRIGHT 1991 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:recycling without jeopardizing confidentiality of documents
Author:Kornegay, Jennifer
Publication:Security Management
Article Type:editorial
Date:Aug 1, 1991
Previous Article:The weak link.
Next Article:Drug Testing.

Related Articles
Uncle Sam's green wallet: will federal spending support environmental technologies?
The ways in which recycling pays: large or small, there are ways your company can help the environment.
Summit brings schools together for a greener world.
Emerald honors.
Data wipes.
Back in the bin.
More Alaska businesses going green: from using energy-efficient bulbs, to recycling, to developing wind farms, companies see cost savings and benefit...
Goldman Recycling offers green disposal alternative.
When less is more: from less- to zero-waste philosophies, Colorado companies go beyond recycling.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters