Card Destruction/Data Security: Who’s Responsible for What?

Did you know that Elon Musk has such a sensitive sense of smell that Tesla job candidates are allegedly told not to wear fragrances to their interviews? Presumably, if you do get the gig and are going to be working in Elon’s proximity, you put your favorite cologne or perfume away for good. Hey—his business, his rules. You might not tell employees how they’re allowed to smell, but your business definitely has its rules about how employees use company payment cards, access cards and ID badges. Are your rules around card destruction as clearly defined? End-of-life data security is just as important as data security around cards and documents your business is actively using. But card destruction tends to be overlooked. 

Card Destruction Matters Just as Much as Card Protection

One little card can open a lot of your company’s doors (physically or virtually) that you don’t want outsiders to be able to step through. Even expired credit cards can give thieves access to your company’s financial accounts that you don’t want them to have. So business leaders are justified in being watchful about how company cards are managed, and in having a lot of rules for how employees can use them.

For example, you might take disciplinary action if employees lose their ID badges more than once, because you can’t afford for employees to be thoughtless about misplacing a card that anyone can use to get into your office. You probably also have safeguards in place to make sure that employees with access to company payment cards don’t use those cards for personal purchases. Anyone who wants to continue working for you is required to comply with the standards you set around company cards.

While employees are in possession of documents, hard drives, payment cards, ID badges and other things that could hold your business’s sensitive data, you can hold them accountable for safeguarding these items. But managing end-of-life data destruction is the employer’s responsibility. It’s the employer’s job to verify that all obsolete payment cards and other data-storing devices are collected and permanently destroyed by a reputable shredding service.  

Does Your Data Security Policy Address Card Destruction?

Card destruction needs to be addressed in your employee training materials and in your data security policy. Organization leaders can’t expect employees to comply with a card destruction policy unless that policy is clearly defined. Including the policy in your training materials gives you something to point to later on, in case you ever do need to discipline an employee for improper card destruction. It doesn’t have to be complicated; your card destruction policy can essentially boil down to “all payment/access cards and ID badges must be collected so they can be destroyed at end-of-life by a secure service.”

The collection piece is important. Some employees might look at their at-home shredders with the built-in credit card slot and think, “I can just shred this expired company credit card or plastic ID badge myself,” resulting in an improperly shredded card like the one in the image from this article. It would be easier than having to mail or hand-deliver cards and ID badges to your company’s designated point person in charge of collecting sensitive materials for shredding.

The problem is, you can’t verify after the fact whether that employee really shredded your company’s sensitive data, or if they secretly held onto it. Internal fraud can happen in any business of any size. Even if you trust your team, it’s always possible that someone who’s greedy or in a desperate situation will try to take advantage of their insider status to defraud your business.

Educating employees about your card destruction policy tells them in no uncertain terms that your business is serious about card destruction. They should know that a specific person or specific office in your organization keeps track of collecting obsolete payment and access cards, badges and any other company property that holds sensitive data. Any employee who might get an idea about trying to hold onto their ID badge or access card when they quit will know not to bother because your company doesn’t let things like that slide.

Northeast Data Destruction helps businesses manage all their card destruction needs. Whether you have a handful of expired company cards to destroy, or boxes full of old ID badges taking up space in a storage area, we can handle everything from secure pickup of your shreddable materials to permanent destruction in our NAID-certified shredding facility. Someone from your business can even witness the destruction if you wish. If you have questions about secure card destruction, don’t hesitate to ask. Contact me today.