|
![]()
|
Security & Environment Matters With ShredBank August - 2010 - The 'real' financial cost of losing informationFrom the 6th April, the Information Commissioner's Office (ICO) announced that a breach of the Data Protection Act can be punished with a fine of up to £500,000. The Information Commissioner's Office (ICO) said in its guide to data protection that it has: ‘A statutory power to impose a financial penalty on an organisation if the Information Commissioner is satisfied that there has been a serious breach of one or more of the data protection principles by the organisation, and the breach was likely to cause substantial damage or distress' Philip Bain of ShredBank stated that “with over 70% of companies in the UK suffering data breaches last year it is becoming increasingly important for organisations to review their document disposal policy to ensure that there is sufficient robust procedures in place that will ensure that the risk of data getting into the wrong hands is minimised.” For a data breach to attract a monetary penalty the Information Commissioner must be satisfied that there has been a serious breach that was likely to cause damage or distress and it was either deliberate or negligent and the organisation failed to take reasonable steps to prevent it. Example – Damage Example - Distress Example - Deliberate Shredathons - Raising awareness ShredBank strongly believe in raising the awareness of the importance of secure document disposal. To raise public awareness, we run a number of free shredding events called Shredathons. What is a “Shredathon”? A ‘Shredathon’ is were members of the local community get to shred all their confidential and personal information free of charge in ShredBank’s state-of-the art mobile shredding trucks. “With the growth of personal identity fraud, security of information is increasingly important to businesses, organisations and individuals,” said Kate Clingen of ShredBank. “Shredding is an environmentally responsible way to deal with the problem as we recycle the end product”. ShredBank will be running their next Shredathon at Forestside Shopping Centre, Belfast (just in front of Sainsburys) on the 20th August 2010 at 1.00am – 1.30am. Everyone is welcome. For more information call 0800 6335599 or visit our website at www.shredbank.co.uk. June 2010 - The Cost of ID Fraud & a Solution What is the cost of ID Fraud? The UK’s Fraud Prevention Service stated that: • Identity fraud cost the economy £1.2 billion per annum
Due to the significant and growing risk of Identity Fraud, this free event highlights the importance of securely disposing of your personal confidential information. Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk The content of this article is provided for information purposes only and does not constitute professional or other advice. The content of this article is provided for information purposes only and does not constitute professional or other advice. May 2010 - Employee Data Theft is now “Endemic” According to a survey sponsored by information security company, Cyber-Ark Software 41% of employees have taken sensitive data from their previous employer and brought the information to their current employer. Some 26% of respondents also said that they would pass on company information if it proved useful in getting friends or family a job. Take stock of it Reduce it Lock it Destroy it With the legal requirements of the Data Protection Act, the growth in ID Fraud and the many stories in the media of organisations losing data, this is an essential way to start thinking about information and security. Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk The content of this article is provided for information purposes only and does not constitute professional or other advice. March 2010 - Exposing the Myth - Disposing Confidential Documents and Corporate Liability A number of years ago before ShredBank was established; I met with a senior manager of one of the largest companies in the UK. We were discussing the recent media stories surrounding government departments losing confidential documents and data. During the course of discussions, we talked about the implications of a company losing confidential data, such as the negative publicity, legal action, financial loss, reputation etc. The discussion eventually turned to where we thought responsibility, indeed where liability, rested when data was lost. I found it particularly interesting to find out that the manager actually thought that the “responsibility lay with the contractor who picks up the bags...and if they lose the data then it is their responsibility” Essentially, the manager’s view was that the company ended its liability for those documents the minute they were taken off-site by a contractor and driven away to be shredded. In my experience with ShredBank it is a common view held within industry and it makes a lot of sense. The reality, however, is that the law takes a completely different view. If you have confidential information that you want to dispose of relating to your employees, your suppliers or your own company itself then you are personally responsible for that information until the point it has been shredded and destroyed. When a contractor picks up bags from your premises, unless the contract says otherwise, the liability for your documents hasn’t passed over to them....you as a business owner or as a director are still personally liable until the point that those documents have been destroyed. So when the files are in transit...you are liable, when the documents go into the contractors premises...you are liable and when some contractors may even be sifting and sorting for recycling purposes… you are still liable. Until the material hits the shredder, if any of your data gets into the wrong hands – you are liable! It is arguable that we can all say “so what!”, as there are a lot of things that we are liable for and it is just par for the course of being in business. The point of the matter is that with this method of disposing of information, you have all the liability from start to end but absolutely no control over the process. As an owner, it’s not practical to sit in the van watching over your bags of documents being driven to the shredding plant and you don’t have the time to wait for hours to see your bags being shredded. So you have no control, but if any data is lost then it is your responsibility. You may seek remedy from the contractor if they lose any of your information, but it is your company that will get sued and it is your company that has failed in your duty of care. The solution??? That will have to wait until next month or drop me a line if you’re the impatient type! Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk The content of this article is provided for information purposes only and does not constitute professional or other advice. Feb 2010 - Beware of the ‘Bin Hokers’ Years ago, in previous employment, as a young graduate I remember watching my divisional director prepare his management report for his quarterly board meeting. His desk was positioned close to mine and I noticed that having printed out his draft report to scan over, he proceeded to tear it up and throw it in the bin. Having never seen a “board report” before I was naturally curious and even more curious when I glanced into the bin and saw my name on the report. Once I saw my name I couldn’t resist....and promptly took the torn up document out of the bin to see what was being said about me!! Fortunately the comment was positive and I discarded it back in the bin. Clearly I am not advocating reading information in bins but from personal experience no one can assume that documents in the bin = total confidentiality. In these uncertain times, staff are naturally going to be all the more curious and all the more interested in what is going on in an organisation. Inevitably, the recession has given rise to the “Bin Hoker”. Understandably, as owner/managers, the issue of documents and bins is not that high up in the agenda! Everyone is busy getting on with their jobs and focusing on the work at hand rather than worrying about what should be shredded, retained, or simply discarded in the bin. More often than not we just don’t have the time to think about it. Let’s face it; most people have enough to worry about in this current economic climate! However, as directors and managers we do have to worry about it, because the pile of paper that we see in the bin presents us all with a big security problem. Concentrating on security in this article, let’s test the proposition that there is an issue of document security within your organisation. Take a minute to walk into the admin office or the finance team, go to one of their bins and lift out any piece of paper with writing on it. Then ask yourself – would I want my staff, my suppliers, my competitors or the general public to see this? The answer would most likely be no. Then ask yourself – what are the implications of third parties viewing this information? Whether we care to admit it or not document security is a problem for us all! There were over 170,000 cases of ID fraud last year, costing the UK economy approximately £2 billion. Furthermore, the Data Protection Act 1998 puts a legal dimension to the whole importance of secure retention and disposal of documents. Fines can be severe for directors breaching Data Protection laws and companies are personally liable for information under their control. So ask yourself – how secure is my document disposal process? Look at your current internal processes – where do those documents in the bin end up? Gone are the days when all waste was considered to be ‘rubbish’ and just casually thrown away. If you are using an external contractor look at the method of disposal from start to finish. Ring your current shredding provider and ask for their entire process from collection of bags, to transit of documents, to final shred. Ask if operatives are security cleared? Wear ID badges? Have all signed confidentiality agreements? When the documents are taken away from your premises and back to a central location, ask if your documents are sifted and sorted or immediately shredded in a secure environment? Will you get a Certificate of Destruction that means you are no longer liable when the waste leaves your premises? You want complete peace of mind, safe in the knowledge that your documents have been destroyed and that it is impossible for anyone to read them. So, take the dawn of the New Year to look at your document disposal processes – it could be a crucial resolution! Philip Bain is Director of on-site shredding company ShredBank. ShredBank provides an on-site document destruction service that ensures complete legal and environmental compliance. Philip can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email. |











