Protecting Sensitive Business Information

You went into business to provide a product or service. You certainly didn’t expect your day-to-day to feel like a spy thriller, replete with hacking, espionage, stolen identities, and malfeasance. And yet, here you are. Barefoot Professional Investigations has helped several businesses get back up and running after events like these, providing private investigator computer forensics as well as computer debugging near Charlotte, NC. The lessons we’ve learned over the years can help keep you safer.

What Kind of Information Do Businesses Need to Protect?

There are three main categories of records that businesses need to preserve for varying lengths of time, and to lock down while they’re in storage. 

Corporate Documents

The many legal documents that were drafted during the establishment of your business will be with you for the life of your business. Even as they’re updated with the times, it’s a good idea to preserve previous versions, whether it’s your bylaws, information on your board, articles of incorporation, the information surrounding your IP, or other essentials like your fictitious name registration.

Employee Records

Time periods for retention vary for employee records. EEOC rules require that records relating to the hiring process — from advertisements to resumes and the results of employee background checks — be kept for one year. Employee contracts should be kept on file for one year; we suggest one year from the date of termination or separation to be on the safe side.

Payroll, I-9 forms, OSHA paperwork, workers’ comp records, and many more files must be retained for varying lengths of time as well. Consult state and federal government publications, and make sure these regulations are followed. Also bear in mind that any files containing sensitive ADA, FMLA, or HIPAA-related information must be kept for the same period of time, but must be kept separate from other employee records to preserve confidentiality.

Financial and Legal Documents

Here, there’s such a wide variety of document types that the easiest way to explain retention is as follows. Keep any documents of this nature on file for the period that the agreement (contracts, annual reports, loans, leases, licensure and permits, insurance policies, and the like) is in force, and for three years after that date. The exception is payroll tax records, which should be retained for seven years.

Data Retention and Protection for Businesses

The information above does come with a couple of caveats. First, there are often industry- and segment-specific rules and regulations that govern records retention and data security (HIPAA, Sarbanes-Oxley, and many others among them), and it’s imperative that you stay on the right side of those regulations. Second, accidents both natural and man-made can happen, and when they do, they can wipe out assets, inventory, and records in the blink of an eye. So it’s equally important to have backups, preferably with a few layers of redundancy for added protection. It’s not enough to have everything on a few laptops, a hard drive, or an on-site server; servers should be mirrored off-site, copies made of paper documents, and digital media backed up to a cloud-based solution with excellent encryption.

Safe Data Destruction for Businesses

There’s another step in data protection that you cannot afford to overlook: data destruction. Whether it’s document destruction or the wholesale erasure of digital files and records that are no longer needed, being careless can lead to data breaches that can destroy your reputation — and, given the cost of legal settlements, your business too. A cross-cut shredder is fine for a home office, but for wholesale document destruction, it’s best to enlist the help of a company that specializes in safe disposal; many will also assist with the safe destruction of hard drives and other storage media.

Responding to Threats

We live in a time when information isn’t just knowledge; it’s power, currency, and leverage. It can make or break your business, your bottom line, and your reputation alike. Because of this — and the legal and liability exposure it brings with it — it’s important that every scrap, bit, and byte of information that crosses your threshold is protected by strong policies, strong firewalls, and vigilant employees. 

As important as preventive measures are, they’re not a panacea. So if your best efforts fall short, call Barefoot Professional Investigations. We’ll work as hard getting your business back on track as you and your employees work to build and grow it every day.

Supplemental reading: the National Federation of Independent Businesses has a publication spelling out both the importance of having a document retention policy (DRP) and the process for setting one up effectively.