Security & Environment Matters

With ShredBank

August - 2010 - The 'real' financial cost of losing information

From the 6th April, the Information Commissioner's Office (ICO) announced that a breach of the Data Protection Act can be punished with a fine of up to £500,000.  The Information Commissioner's Office (ICO) said in its guide to data protection that it has:

‘A statutory power to impose a financial penalty on an organisation if the Information Commissioner is satisfied that there has been a serious breach of one or more of the data protection principles by the organisation, and the breach was likely to cause substantial damage or distress'

Philip Bain of ShredBank stated that “with over 70% of companies in the UK suffering data breaches last year it is becoming increasingly important for organisations to review their document disposal policy to ensure that there is sufficient robust procedures in place that will ensure that the risk of data getting into the wrong hands is minimised.”

For a data breach to attract a monetary penalty the Information Commissioner must be satisfied that there has been a serious breach that was likely to cause damage or distress and it was either deliberate or negligent and the organisation failed to take reasonable steps to prevent it.

Example – Damage
Following a security breach by a data controller financial data is lost and an individual becomes the victim of identity fraud.

Example - Distress
Following a security breach by a data controller medical details are stolen and an individual suffers worry and anxiety that his sensitive personal data will be made public even if his concerns do not materialise.

Example - Deliberate
A marketing company collects personal data stating it is for the purpose of a competition and then, without consent, knowingly discloses the data to populate a tracing database for commercial purposes without informing the individuals concerned.

Shredathons - Raising awareness

ShredBank strongly believe in raising the awareness of the importance of secure document disposal.  To raise public awareness, we run a number of free shredding events called Shredathons.

What is a “Shredathon”?

A  ‘Shredathon’ is were members of the local community get to shred all their confidential and personal information free of charge in ShredBank’s state-of-the art mobile shredding trucks.

“With the growth of personal identity fraud, security of information is increasingly important to businesses, organisations and individuals,” said Kate Clingen of ShredBank. “Shredding is an environmentally responsible way to deal with the problem as we recycle the end product”. 

ShredBank will be running their next Shredathon at Forestside Shopping Centre, Belfast (just in front of Sainsburys) on the 20th August 2010 at 1.00am – 1.30am.  Everyone is welcome.  For more information call 0800 6335599 or visit our website at www.shredbank.co.uk.

Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk

The content of this article is provided for information purposes only and does not constitute professional or other advice.

June 2010 - The Cost of ID Fraud & a Solution

What is the cost of ID Fraud?
Identity fraud occurs to an individual when a person’s personal information is used by someone else without their knowledge to obtain credit, goods or other services fraudulently. It can even extend to securing a passport in their name. In the UK alone there are 4.3 million victims of identity fraud to date.

The UK’s Fraud Prevention Service stated that:

• Identity fraud cost the economy £1.2 billion per annum
• Identity fraud accounts for a criminal cashflow of £10m per day
• Plastic card fraud losses totalled £535.2 million in 2007 - with card identity theft accounting for £34.1 million of this
• Approximately 2,500 fraudulent applications for driving licences were detected by the Driver and Vehicle Licensing Agency (DVLA) in the 12 month period to March 2007
• 16,500 fraudulent applications for passports were received by the Identity and Passport Service (IPS) in the 12 months to September 2006.


What is a Shredathon?
Shredathon is a unique event that allows the general public to bring their confidential documents that they wish to dispose off and have them confidentially destroyed in one of ShredBank’s mobile shredding trucks for free. ShredBank’s last Shredathon event took place last month at Lisnasharragh Primary School in Belfast and it was a great success!

Due to the significant and growing risk of Identity Fraud, this free event highlights the importance of securely disposing of your personal confidential information.

When is the next ShredBank Shredathon?
The next Shredathon event will be on the 16th June 2010 at 6.00pm at the Mount Conference Centre in Belfast. The shredding event will be open to all those who register for the Management Leadership Network seminar called “Bucking the Trend - Success in a Recession” that will be taking place that evening in the Mount Conference Centre.
Stealing sensitive information from employers has become “endemic” in our culture. Philip Bain, from on-site document destruction company ShredBank, offers a few tips on how to protect your company’s information.

Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk The content of this article is provided for information purposes only and does not constitute professional or other advice.

The content of this article is provided for information purposes only and does not constitute professional or other advice.

May 2010 - Employee Data Theft is now “Endemic”

According to a survey sponsored by information security company, Cyber-Ark Software 41% of employees have taken sensitive data from their previous employer and brought the information to their current employer. Some 26% of respondents also said that they would pass on company information if it proved useful in getting friends or family a job.
So how do we ensure that our information is always secure and will never get into the wrong hands? Here are a few simple tips on how to protect your company’s information:

Take stock of it
Audit what information you have and where your company stores sensitive data. Look at what confidential information you have (sales information, pricing, HR records, financial reports, customer information etc) and where is it kept (file cabinets, computer, files at home etc). Find out who has access to that information and what restrictions, if any, are in place. Start to look at what should have restrictive access depending on the types of information and the different levels of risk.

Reduce it
What information should you keep and what shouldn’t you keep? Keep only what you need for your business, if you don’t have a legitimate business need for keeping it then don’t retain it. Only keep information for as long as you need to and then destroy it.

Lock it
The most effective data security is to look at physical security of your documents by making sure they are under lock and key with restricted access, and electronic security by ensuring that your IT provider implements robust security procedures for your computer systems. Employee training is crucial to ensure that staff are aware of your policies for keeping information secure and the disciplinary consequences if they breach them.

Destroy it
Confidential documents in open bags lying around in the office or in a skip outside your office can be a gold mine for ID thefts and opportunists who want to view or steal your information. By properly disposing of sensitive information your company is significantly reducing the risk of information getting into the wrong hands which can have huge financial consequences and implications for your company. Review your current method of document destruction. If you use an external contractor to dispose of your waste, carry out an immediate review of the process that they adopt to destroy your documents and assess how secure that process is.

With the legal requirements of the Data Protection Act, the growth in ID Fraud and the many stories in the media of organisations losing data, this is an essential way to start thinking about information and security.

Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk

The content of this article is provided for information purposes only and does not constitute professional or other advice.

March 2010 - Exposing the Myth - Disposing Confidential Documents and Corporate Liability

A number of years ago before ShredBank was established; I met with a senior manager of one of the largest companies in the UK. We were discussing the recent media stories surrounding government departments losing confidential documents and data. During the course of discussions, we talked about the implications of a company losing confidential data, such as the negative publicity, legal action, financial loss, reputation etc. The discussion eventually turned to where we thought responsibility, indeed where liability, rested when data was lost. I found it particularly interesting to find out that the manager actually thought that the “responsibility lay with the contractor who picks up the bags...and if they lose the data then it is their responsibility”

Essentially, the manager’s view was that the company ended its liability for those documents the minute they were taken off-site by a contractor and driven away to be shredded. In my experience with ShredBank it is a common view held within industry and it makes a lot of sense. The reality, however, is that the law takes a completely different view. If you have confidential information that you want to dispose of relating to your employees, your suppliers or your own company itself then you are personally responsible for that information until the point it has been shredded and destroyed.

When a contractor picks up bags from your premises, unless the contract says otherwise, the liability for your documents hasn’t passed over to them....you as a business owner or as a director are still personally liable until the point that those documents have been destroyed. So when the files are in transit...you are liable, when the documents go into the contractors premises...you are liable and when some contractors may even be sifting and sorting for recycling purposes… you are still liable. Until the material hits the shredder, if any of your data gets into the wrong hands – you are liable!

It is arguable that we can all say “so what!”, as there are a lot of things that we are liable for and it is just par for the course of being in business. The point of the matter is that with this method of disposing of information, you have all the liability from start to end but absolutely no control over the process. As an owner, it’s not practical to sit in the van watching over your bags of documents being driven to the shredding plant and you don’t have the time to wait for hours to see your bags being shredded. So you have no control, but if any data is lost then it is your responsibility. You may seek remedy from the contractor if they lose any of your information, but it is your company that will get sued and it is your company that has failed in your duty of care.

The solution??? That will have to wait until next month or drop me a line if you’re the impatient type!

Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk

The content of this article is provided for information purposes only and does not constitute professional or other advice.

Feb 2010 - Beware of the ‘Bin Hokers’

Years ago, in previous employment, as a young graduate I remember watching my divisional director prepare his management report for his quarterly board meeting. His desk was positioned close to mine and I noticed that having printed out his draft report to scan over, he proceeded to tear it up and throw it in the bin. Having never seen a “board report” before I was naturally curious and even more curious when I glanced into the bin and saw my name on the report. Once I saw my name I couldn’t resist....and promptly took the torn up document out of the bin to see what was being said about me!! Fortunately the comment was positive and I discarded it back in the bin.

Clearly I am not advocating reading information in bins but from personal experience no one can assume that documents in the bin = total confidentiality. In these uncertain times, staff are naturally going to be all the more curious and all the more interested in what is going on in an organisation. Inevitably, the recession has given rise to the “Bin Hoker”.

Understandably, as owner/managers, the issue of documents and bins is not that high up in the agenda! Everyone is busy getting on with their jobs and focusing on the work at hand rather than worrying about what should be shredded, retained, or simply discarded in the bin. More often than not we just don’t have the time to think about it. Let’s face it; most people have enough to worry about in this current economic climate!

However, as directors and managers we do have to worry about it, because the pile of paper that we see in the bin presents us all with a big security problem. Concentrating on security in this article, let’s test the proposition that there is an issue of document security within your organisation. Take a minute to walk into the admin office or the finance team, go to one of their bins and lift out any piece of paper with writing on it. Then ask yourself – would I want my staff, my suppliers, my competitors or the general public to see this? The answer would most likely be no. Then ask yourself – what are the implications of third parties viewing this information?

Whether we care to admit it or not document security is a problem for us all! There were over 170,000 cases of ID fraud last year, costing the UK economy approximately £2 billion. Furthermore, the Data Protection Act 1998 puts a legal dimension to the whole importance of secure retention and disposal of documents. Fines can be severe for directors breaching Data Protection laws and companies are personally liable for information under their control.

So ask yourself – how secure is my document disposal process? Look at your current internal processes – where do those documents in the bin end up? Gone are the days when all waste was considered to be ‘rubbish’ and just casually thrown away.

If you are using an external contractor look at the method of disposal from start to finish. Ring your current shredding provider and ask for their entire process from collection of bags, to transit of documents, to final shred. Ask if operatives are security cleared? Wear ID badges? Have all signed confidentiality agreements? When the documents are taken away from your premises and back to a central location, ask if your documents are sifted and sorted or immediately shredded in a secure environment? Will you get a Certificate of Destruction that means you are no longer liable when the waste leaves your premises? You want complete peace of mind, safe in the knowledge that your documents have been destroyed and that it is impossible for anyone to read them.

So, take the dawn of the New Year to look at your document disposal processes – it could be a crucial resolution!

Philip Bain is Director of on-site shredding company ShredBank. ShredBank provides an on-site document destruction service that ensures complete legal and environmental compliance.  Philip can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email.

The content of this article is provided for information purposes only and does not constitute professional or other advice.

MLN Champions


podiem
podiem
being
esp
europa
mcgrigors
dcp
shredbank
tartan
Register Now
Contact Us


Privacy Statement