Confidential document storage: How do I store confidential documents securely?

At Restore Records Management we have over 30 years of experience in the safekeeping of documents and storing confidential information.


All the way from personal and patient records in health and social care to employee and HR records, property deeds, insurance claims and legal documents.


Whatever sector your business operates in, the need to keep sensitive documents safe, and to protect against risk from data breach or other criminal activity, is high.

Jez Tibbetts,
Service Delivery Director

How do I store confidential documents securely?

Let’s answer this in two parts:

If you currently store records at your own site:

The first thing to consider is whether storing those records offsite would be safer and more secure.
The reality is that outsourcing to a specialist – a records management partner – is almost always safer and more compliant.

Think about all the documents currently stored in your office, factory or warehouse. Can you honestly say you know where every document is and who has access to it?

What normally happens is that documents stored on-site are too easy to access, which means they end up everywhere. On desks, in filing cabinets, in drawers – or even left on the photocopier or printer.
That’s a big security issue and means your valuable data is not being looked after safely. It might seem convenient to have them all ‘close at hand’ but in reality you’re creating increased data risk – and losing track of your data in the process.

If you currently store your records offsite with a records management partner
The good news is that you have already taken a step to increase the safety and security of your data assets.
The next question to ask is whether your records management partner is doing everything possible to keep them safe and secure (and whether you are utilising every possible service to increase the security of your documents and data).

Best practices include:

·   Security tags on every box.
·   Barcode on every box so that it can be easily tracked.
·   Barcodes on files and documents inside the box so that you always know where your data is.
·   Files stored in highly secure premises and protected from water damage and fire.

The quality of the box matters

You should also consider your own responsibilities. For instance, files should be stored in robust boxes which are not over-filled.

Boxes that are falling apart or too full create a security risk – because it’s easy for documents to fall out or get lost when they are moved.

Keeping documents safe at your own premises
It’s also important to think about how you protect documents which remain on site. Including the ones you retrieve from storage.

It’s all very well knowing your documents are completely safe whilst with Restore Records Management – but if they are left on desks or fall into the wrong hands when they are at your premises, that’s a potential breach.
The reality is that data is often most at risk when it’s in your possession. So, only retrieve the individual files you need – rather than calling for the entire box – and talk to us about how to keep your documents safe. We can help.

Are paper documents stored in boxes regarded as data?

The easy answer to this one is ‘yes’! And it’s important to stop thinking about ‘boxes’ and start thinking about your paper records as data if you want to keep them safe.

Every document stored in an inventory may have value to the business – and also come with inherent risks.
This could include personal information about employees or customers, for instance. That’s data which is regulated by data protection frameworks, such as GDPR – but which is also crucial to the way you run your business.
Then there’s commercially sensitive information, such as contracts or financial results, which you don’t want to fall into the hands of competitors.

Whatever documents are in your boxes, it’s data – and treated the same by law as if it was a digital file.
Some of those records MUST be kept for a certain period by law. Others, including personal data, should NOT be kept longer than is necessary and should be deleted by a specified date.

The key here is to think of your files and documents as precious data that is valuable to the business. Not as a box of documents to be hidden away and forgotten about.

Does the UK’s GDPR (General Data Protection Regulation) apply to physical documents, such as paper records?

GDPR applies to all personal data – and that includes paper documents. If you have any personal data stored, in any format, then that means you have an obligation as a data controller to look after it.
That means:

Knowing the exact location of every piece of data held at any given point in time.
Ensuring that personal data is not held beyond its legal retention date.
Responding to any Subject Access Requests within a set timeframe.

That’s something to think about when your boxes are in storage. Do you know what’s inside every box and can you track every document?

Restore Records Management can help you do exactly that – and provide an internet portal so that you can easily search for, and locate, documents you need. That’s vital for Subject Access Requests – when individuals ask to see, edit or delete their data.

The bottom line is: don’t just track the box, track every document inside it.

What counts as personal data under GDPR and am I likely to have any in my inventory?

In our experience, almost all inventories include documents with PII (personal identifiable information).
That could be something as simple as the name and address of an employee or customer, email addresses, or someone’s national insurance number. Holding this information makes you a data controller – and means you have obligations to keep it safe from breaches and know exactly where it is, at all times. You must also, on request, allow individuals to see their data and ask for it to be edited or deleted.

How can I protect my confidential documents and valuable data once it is in storage?

When you store your documents with Restore Records Management, we see it as a partnership, designed to protect and keep your documents safe in every way.

Some parts are down to us. For instance, keeping our secure sites safe from water damage, fire and theft.
And to ensure we have all the right certifications necessary – for instance, Cyber Essentials and relevant ISO certifications including:

·   ISO9001 – Quality Management
·   ISO14001 – Environmental Management Systems
·   ISO27001 – Information Security Management
·   ISO22301 – Business Continuity Management Systems

·   BS100081 – Evidential weight and legal admissibility of electronically stored information

For more information about our accreditations and certifications visit here. These are all about ensuring best practices so that we get it right for you and remove risk from the process. Having the certifications means we have been independently assessed and have good solid processes in place.

What can I do to increase the security of my confidential documents?

We find many customers are embarrassed that they don’t know what’s in their boxes. But knowing what you are storing is vital to maximise security and reduce risk. We can work together on identifying what’s in every box and tagging every file.

Once you know what’s in the box, it’s far easier to set retention dates for every document. Keeping documents beyond their retention date can be a data risk – opening you up to the possibility of GDPR fines.

We can help catalogue your data and ensure all documents are easy to retrieve. We can also help arrange secure destruction for documents you no longer need to keep.

Often, businesses only realise the true value of their documents when they need them – and can’t locate them.
So, stop thinking of boxes and files. Instead, understand the true value of your physical data, including confidential documents, and give your inventory the protection it deserves.

To find out more, or discuss your needs, why not get in touch?

Give our specialists a call on 01293780075

Contact us
01293 780 075