After figures published by the counter-fraud trade body Cifas suggesed that identity fraud is on the rise, members of the British Security Industry Association’s Information Destruction section have warned businesses to be vigilant with how they dispose of information that may contain personal data.
Many businesses collect and retain personal information about their customers and employees. This information is often discarded when it is no longer required after scanning or during archive clearance. Information that is not disposed of correctly, can have huge repercussions for the individual if the data falls into the wrong hands. Such repercussions include financial loss, credit issues, benefit losses, legal problems and stress.
Businesses are obliged under the seventh principle of the Data Protection Act to take appropriate measures against accidental loss, destruction or damage to personal data and against unauthorised or unlawful processing of the data. Failing to do so could result in large financial penalties being imposed by the Information Commissioner, huge reputational damage and even prison sentences for company directors.
To fully comply with the Data Protection Act, a data handler must have a written contract with a company capable of handling confidential waste, which can provide a guarantee that all aspects of collection and destruction are carried out in a secure and compliant manner. To ensure this, suppliers should comply with European Standard BS EN 15713:2009 for security shredding and also BS 7858 for staff vetting.
Chairman of the BSIA’s Information Destruction section, Don Robins, says: “Businesses need to safeguard the individuals that they hold data on by ensuring that documents are shredded by a reputable data destruction company. The same caution must also be taken with computer or laptop hard-drives and any other items which could be used to identify or impersonate individuals.”
All members of the BSIA Information Destruction section are providers of secure data shredding services who can show compliance to BS EN 15713:2009.
For more about the BSIA, or to find a supplier of information destruction services visit: https://www.bsia.co.uk/sections/information-destruction.aspx.
