|
|
Security & Environment Matters....with ShredBank Exposing the Myth - Disposing Confidential Documents and Corporate Liability A number of years ago before ShredBank was established; I met with a senior manager of one of the largest companies in the UK. We were discussing the recent media stories surrounding government departments losing confidential documents and data. During the course of discussions, we talked about the implications of a company losing confidential data, such as the negative publicity, legal action, financial loss, reputation etc. The discussion eventually turned to where we thought responsibility, indeed where liability, rested when data was lost. I found it particularly interesting to find out that the manager actually thought that the “responsibility lay with the contractor who picks up the bags...and if they lose the data then it is their responsibility” Essentially, the manager’s view was that the company ended its liability for those documents the minute they were taken off-site by a contractor and driven away to be shredded. In my experience with ShredBank it is a common view held within industry and it makes a lot of sense. The reality, however, is that the law takes a completely different view. If you have confidential information that you want to dispose of relating to your employees, your suppliers or your own company itself then you are personally responsible for that information until the point it has been shredded and destroyed. When a contractor picks up bags from your premises, unless the contract says otherwise, the liability for your documents hasn’t passed over to them....you as a business owner or as a director are still personally liable until the point that those documents have been destroyed. So when the files are in transit...you are liable, when the documents go into the contractors premises...you are liable and when some contractors may even be sifting and sorting for recycling purposes… you are still liable. Until the material hits the shredder, if any of your data gets into the wrong hands – you are liable! It is arguable that we can all say “so what!”, as there are a lot of things that we are liable for and it is just par for the course of being in business. The point of the matter is that with this method of disposing of information, you have all the liability from start to end but absolutely no control over the process. As an owner, it’s not practical to sit in the van watching over your bags of documents being driven to the shredding plant and you don’t have the time to wait for hours to see your bags being shredded. So you have no control, but if any data is lost then it is your responsibility. You may seek remedy from the contractor if they lose any of your information, but it is your company that will get sued and it is your company that has failed in your duty of care. The solution??? That will have to wait until next month or drop me a line if you’re the impatient type! Philip Bain is Director of on-site shredding company ShredBank. He can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email: philip@shredbank.co.uk The content of this article is provided for information purposes only and does not constitute professional or other advice. Feb 2010 - Beware of the ‘Bin Hokers’ Years ago, in previous employment, as a young graduate I remember watching my divisional director prepare his management report for his quarterly board meeting. His desk was positioned close to mine and I noticed that having printed out his draft report to scan over, he proceeded to tear it up and throw it in the bin. Having never seen a “board report” before I was naturally curious and even more curious when I glanced into the bin and saw my name on the report. Once I saw my name I couldn’t resist....and promptly took the torn up document out of the bin to see what was being said about me!! Fortunately the comment was positive and I discarded it back in the bin. Clearly I am not advocating reading information in bins but from personal experience no one can assume that documents in the bin = total confidentiality. In these uncertain times, staff are naturally going to be all the more curious and all the more interested in what is going on in an organisation. Inevitably, the recession has given rise to the “Bin Hoker”. Understandably, as owner/managers, the issue of documents and bins is not that high up in the agenda! Everyone is busy getting on with their jobs and focusing on the work at hand rather than worrying about what should be shredded, retained, or simply discarded in the bin. More often than not we just don’t have the time to think about it. Let’s face it; most people have enough to worry about in this current economic climate! However, as directors and managers we do have to worry about it, because the pile of paper that we see in the bin presents us all with a big security problem. Concentrating on security in this article, let’s test the proposition that there is an issue of document security within your organisation. Take a minute to walk into the admin office or the finance team, go to one of their bins and lift out any piece of paper with writing on it. Then ask yourself – would I want my staff, my suppliers, my competitors or the general public to see this? The answer would most likely be no. Then ask yourself – what are the implications of third parties viewing this information? Whether we care to admit it or not document security is a problem for us all! There were over 170,000 cases of ID fraud last year, costing the UK economy approximately £2 billion. Furthermore, the Data Protection Act 1998 puts a legal dimension to the whole importance of secure retention and disposal of documents. Fines can be severe for directors breaching Data Protection laws and companies are personally liable for information under their control. So ask yourself – how secure is my document disposal process? Look at your current internal processes – where do those documents in the bin end up? Gone are the days when all waste was considered to be ‘rubbish’ and just casually thrown away. If you are using an external contractor look at the method of disposal from start to finish. Ring your current shredding provider and ask for their entire process from collection of bags, to transit of documents, to final shred. Ask if operatives are security cleared? Wear ID badges? Have all signed confidentiality agreements? When the documents are taken away from your premises and back to a central location, ask if your documents are sifted and sorted or immediately shredded in a secure environment? Will you get a Certificate of Destruction that means you are no longer liable when the waste leaves your premises? You want complete peace of mind, safe in the knowledge that your documents have been destroyed and that it is impossible for anyone to read them. So, take the dawn of the New Year to look at your document disposal processes – it could be a crucial resolution! Philip Bain is Director of on-site shredding company ShredBank. ShredBank provides an on-site document destruction service that ensures complete legal and environmental compliance. Philip can be contacted by phone on 0800 633 5599, online at www.shredbank.co.uk or by email. |
