Don't feed the Dumpster Divers!
There are people, known as "Dumpster Divers", who go through dumpsters looking for information about their competitors. They are out there waiting for people to be careless.
Waste disposal is probably one of the most overlooked areas of Information Protection.
We spend a lot of time and money protecting our information while it resides IN the computer, but do not think about protecting it once it is OUT on other media.
All sensitive information should be classified, appropriately labeled, and controlled according to its degree of sensitivity.
Most companies have an Employee Handbook or an Employee Code of Conduct that states "no sensitive information shall be disclosed to non-employees without due authorization." In addition, such information should not be disclosed even to other company employees unless a need to know has been established.
When sensitive information is no longer required, including information given to third parties, it must be disposed of appropriately. Shredding or incinerating are the appropriate methods. Do not dispose of sensitive material in the office trash or recycling bins. Follow these guidelines:• Magnetic materials should be shredded, crushed, demagnetized, or otherwise physically destroyed.
• Telephone directories should be shredded or incinerated.
• Outdated manuals, documentation, and procedural guides should be handled in the same manner as any sensitive materials.
• Paper should be disposed of by shredding, pulping, pulverizing, or burning.
• Ribbons should be recycled sufficiently to make the information unreadable.