Minimising environmental damage is now at the heart of corporate social responsibility (CSR) strategies in today's top law firms. The chances are that you are already trying to reduce your paper usage and recycle as much as possible. But the legal profession, like the rest of the business world, is at risk if it does not dispose of its documentation in a safe and reliable manner.

Do your offices have separate paper recycling bins for confidential and non-confidential paper waste? Are they lockable? What happens to evidence contained on video tapes and DVDs when you are no longer required to store it? And do you know what happens to it once it has left your offices?

Case files are highly confidential but the company accounts or marketing strategies containing client fee projections are commercially sensitive too. Despite the risks, research carried out by Experian found that 41% of London businesses were disposing of confidential financial data via their general waste, leaving them and their customers vulnerable to corporate identity fraud.

Personal identity fraud resulting from personnel files and payroll data getting into the wrong hands is also a risk. The recent data loss of child benefit details by HM Revenue & Customs was billed by the media as largest security breach in UK history and served as a stark reminder to the corporate world about the importance of securing staff and customer data. It was also an example of a junior employee being given responsibility for confidential information without being correctly informed of departmental policy. This could be equally true of any routine office tasks such as putting out the rubbish that generally fall to back office staff and even external contractors.

As businesses, law firms have a duty of care and a legal obligation under the 1998 Data Protection Act to protect their clients' and employees' information. You cannot store files indefinitely but, under this legislation, company data controllers or directors must select an information destruction company which can provide sufficient guarantees of security measures, including destruction being carried out under contract and evidenced in writing.

Any business waste management strategy should also take into account current environmental regulations such as the Landfill Directive which states that non-hazardous waste must be 'pre-treated' before going to landfill. Sorting out recyclable materials, such as paper documents, from your general waste is one way of fulfilling the pre-treatment requirements. But, under the Data Protection Act, you must still ensure that the confidential waste element is recycled securely.

We advise customers to follow simple steps to safeguard confidential data during storage and disposal.

Step one: manage your records

Implement an effective information management system throughout your business process – and stick to it. Conduct an audit of your records to establish what you are keeping and where, why you are keeping it and for how long. Then draft a document retention and disposal policy and make sure it is followed. Many law firms now scan all letters and deeds so that the files are retained electronically and can be accessed by remote staff working through a secure network. If this is the case you must incorporate these electronic files into your retention and disposal policy too.

Step two: control access

Separate sensitive information, secure it in a safe place and grant access only to the people who really need it. If it is being thrown away, consider how it is stored. We supply our customers with lockable office bins, skips, security bags and seals for example.

Step three: inform your staff

If you have a practice-wide waste management policy you should ensure it is available and understood by everyone from the senior partners to part-time support staff. And if you work in-house you need to ensure that other departments treat your documents with the same degree of care. If your staff understand the dangers of identity theft and their legal obligations, they will be far more careful.

Step four: secure and green disposal

Once a document has reached the end of its life and no longer needs to be retained, it must be disposed of securely. Look for a company accredited with the British Security Industry Association (BSIA) or the UK Security Shredding Association (UKSSA) which can destroy your information and recycle it securely, protecting both your company and the environment. All BSIA and UKSSA members hold International Standards Organisation (ISO) 9001:2000 accreditation, comply with a code of ethics, and are inspected to British Standard 8470, the standard for the destruction of confidential material, as part of their ISO accreditation audit procedure.

Ask whether the company's staff have been vetted and security checked and if they use secure vehicles for collection.

Step five: witness destruction

Do you know what happens to your confidential waste when it leaves the premises?

Collections should be carried out by uniformed staff with identity passes, in a secure vehicle to ensure there is an unbroken chain of custody from collection and baling to delivery to the paper mills. If necessary you should ask whether you can accompany the confidential waste to witness its destruction first hand.

Step six: certify destruction

Ensure you are given a destruction certificate which provides a legal audit trail.

It is estimated that waste disposal currently costs 4% of a company's turnover. With landfill tax set to double by 2010, businesses will clearly be feeling the pressure to recycle more, if they are not already doing so, and for CSR reasons they should do it to give themselves a competitive 'green' advantage. But any waste management policy must give proper consideration to confidential data – failing to destroy of it securely could cost you very dearly.

David Bowker is manager of Smurfit Kappa's security shredding services.