Commentary: Protect sensitive data by improving document management practices
By Brian Garry and Sarah Koucky
Protecting employee and customer credit card data against rising fraud-related incidents is a major issue facing many restaurants. In fact, this threat is on the rise. A recent article in USA Today states that hotels are no longer hackers' first choice when attempting to steal credit card information. Instead, thieves are now focusing on restaurants – from posh hotel eateries to quick-service chains.
In addition to identity theft, maintaining and tracking human resources (HR) paperwork is another potential document management sore spot. This includes forms such as I-9s, employment applications and payroll stubs. While manually filing, sorting and retrieving this data can require an extensive amount of time and labor, it can also take up unnecessary storage space – something most restaurants do not have.
Restaurants with paper-based records management systems can substantially benefit from a secure document management program. From shredding confidential documents to imaging personnel records, new document management technology enables more foodservice establishments to stay compliant, reduce security risks and eliminate the need for unnecessary storage space, all while improving the efficiency of their operations.
Issue 1: Identity theft
Criminals are no longer looking to steal data or identity from hotels due to substantially improved computer security and document management efforts to safeguard employee and customer information. Meanwhile, many restaurant operators do not have the resources to stay up-to-date on changing document management laws and lack the right systems and processes to protect their business – exposing them to risk from noncompliance, fraud and theft.
Spurred by the threat of QSR-related cybercrimes, new revisions to current Payment Card Industry (PCI) Security Standards were implemented in January 2011 to help guide restaurant owners and operators and extend several high-level security controls to help prevent compromised credit card information within restaurants. PCI Security Standards are specifically designed by the major credit card companies to help provide additional security when handling credit card and debit card information and transactions.
While following PCI Standards will help reduce identity theft incidents, document shredding, storage and imaging programs are another way restaurants can secure their employees' and guests' personal information.
Issue 2: Compliance
Human resource records are often an overlooked area where document management practices can be improved in a restaurant. To stay compliant with agencies such as the Equal Employment Opportunities Commission (EEOC), restaurants often maintain personnel records such as applications and employment records for several years. In addition, QSRs often unknowingly employ illegal immigrants who will work while their I-9s are processed – up until they are identified as illegal workers.
Regulations to control this issue are expected to increase, so restaurants are encouraged to have a document management system in place where I-9s can be easily tracked and located to stay compliant with local, state and federal regulations. Implementing a digital imaging and hosting strategy provides secure record integrity with the additional benefits of running reports that can help confirm and validate that the potential application pool matches that of the employee base.
Issue 3: Available storage space
In addition to HR information, restaurants tend to retain accounting records such as invoices and payment receipts throughout the year as well. To preserve valuable storage space, organize documents and aggregate data, many of these documents should be imaged.
When documents are "imaged," they are first scanned and then uploaded to a secure online database. Users can then index and access these documents at anytime from anywhere with Internet access. This online database is highly protected and secure against possible access from hackers, providing additional layers of security not available with in-house systems.
Developing a retention schedule
If your business does not have a retention program in place for confidential data, such as accounts payable information, credit card or social security numbers, now is a good time to implement one.
A basic starting point is to develop a schedule based on legal requirements and internal company policies. This helps dictate when documents should be digitally imaged into an online records/content management system or physically stored in a secure off-site facility. Once your retention schedule is defined, securely shred all documents no longer needed or required to be retained. This should be done on a scheduled basis per the predetermined retention schedule
To accomplish this, many restaurants partner with a third-party document management provider that images documents, physically stores records or securely destroys business information when it has passed the point of usefulness. For shredding, these companies place secure storage containers in accessible and identifiable locations to make it safe and convenient. Where physical records are concerned, restaurants frequently establish a program that offers both outsourced record storage and/or digital imaging depending on the records weekly required retrievals and retention period.
Taking these steps will ensure information is unavailable to third-parties, organizes files for easy location and reduces the amount of space required to store sensitive data.
What restaurants can lose
Negative public relations, lost revenue and compliance issues can all directly result from poor document management practices. In fact, a recent Harris Poll showed that 76 percent of survey respondents would never return to a restaurant where their personal information was stolen. As foodservice operations look to increase margins and gain customer loyalty, a document management program can help protect and organize the vital information that keeps your business running smoothly.
You wouldn't likely leave your front door unlocked, so why leave your documents unattended? With an effective document retention schedule and document management program, you reduce your restaurant's exposure. From limiting stolen credit card data to improving compliance and increasing available storage space, a secure document management program locks up your business processes – while increasing your access to the data that drives your business.
Brian Garry is the senior director of Foodservice, Cintas Corporation, and Sarah Koucky is senior director of Security and Compliance for Cintas Document Management. Cintas Corporation is a supplier of leading facility services, first-aid, fire safety and document management solutions for restaurants. For more information, visit www.cintas.com