Posts Tagged ‘ICO’
The threat of a £500,000 fine from the ICO is preying on everyone’s minds. And unfortunately, there are some ruthless shredding services companies out there jumping on the bandwagon by offering what they claim to be a secure document destruction solution…
But before agreeing to what, on the surface, may seem a good deal, dig a little deeper and consider the following:
1. Is the shredding company accredited?
Check if the shredding company you’re considering is registered with the British Security Industry Association (BSIA), the United Kingdom Secure Shredding Association (UKSSA) and the National Association of Information Destruction (NAID). As an accredited member, companies offering shredding services are required to adhere to stringent standards including EN15713. This ensures the security of all aspects of their business: from their premises, vehicles and employees through to the size the materials are shredded to.
2. Will you be provided with evidence of document destruction?
Following document destruction, you should be issued with a certificate of destruction detailing the type of material destroyed, the amount destroyed and the date it was destroyed on. Each document destruction certificate should also contain a unique reference number which means you are provided with a complete audit trail of the shredding service.
3. Are their employees security checked?
Due to the secure nature of the role, it’s important to ensure the personnel handling your confidential information are security cleared. Check if they are cleared to EN15713 standard “Security Screening of Personnel Employed in a Security Environment” and if they have completed Criminal Records Bureau disclosures or Disclosure Scotland.
4. Do they offer an on-site shredding service?
Using an on-site document destruction company guarantees the security of your documents – your confidential, sensitive material is destroyed on site and in your view.
If an off-site service suits you better, make sure the material collected is destroyed within 24 hours. Also, ensure the transportation of the material is “trackable” and the document destruction and recycling facility itself is fully secure.
5. Does the shredding company provide secure storage containers?
Are these containers secure and lockable? Are they high quality and do they look good? Will they help you decide how many you need and will they fit in with the rest of your office furniture?
6. Can they provide a national and flexible service?
Is the mobile shredding company regularly in your area? Do they have a base in the area? Check to ensure that alongside a regular scheduled shredding service, they have the flexibility and capacity to accommodate ad hoc collections and large “clutter clearouts”.
7. How environmentally friendly are they?
Review their green credentials. Check if they have ISO14001 status. What happens to your materials once they’re destroyed – are they recycled? Do they operate a tree planting scheme? Do they operate green routes as well as using lighter, quieter vehicles to further reduce their carbon footprint?
8. Will they securely destroy other media?
It’s not just paper that contains sensitive and confidential information. Hard drives, memory sticks, CDs/DVDs and laptops can all still store confidential files even after deletion and should be completely destroyed.
9. What insurances do they have?
Make sure the shredding company you decide to use is properly covered. Check they have up-to-date employers’ liability, public liability and product liability insurance. Professional indemnity insurance is also a bonus.
10. How do they manage their processes?
ISO9001 is the internationally recognised standard for quality management and by working with an ISO9001 registered shredding company you can be assured quality and customer focus is at the forefront of what they do.
In November 2009, the Information Commissioner’s Office (ICO) revealed that a large amount of T-Mobile customer data had been stolen and sold to a third party company by an employee of the company. The revelation came as a result of a campaign by the ICO to introduce tougher punishment for data thieves.
T-Mobile, a part of Deutsche Telekom AG, confessed that the details had been sold and stated that they were working with the ICO to not only find the culprit but to wipe out a common problem for all mobile phone companies.
Rival companies had bought and used the information to call customers that were nearing the end of their current contract and would offer them a new one with a new network.
Now, 9 months on, former T-Mobile employee David Turley will be prosecuted after confessing to the crime. Turley admitted to selling the data at Chester Crown Court in July and faces 18 charges under Section 55 of the Data Protection Act.
These charges come on the tail of increased penalties for data theft. Before April this year, the maximum penalty for data theft in the UK was a fine of £5000. Now, new legislation has enabled the ICO to charge companies fines of up to £500,000.
A second former employee, Darren Hames, will submit his plea regarding his role in the theft later this year.
Many companies are already taking precautions to deal with the ‘Insider Threat’ regarding Data Loss Prevention and are adding tools and technologies such as cryptography and Secure Erasure to ensure that data is accessed only by those with authorisation and destroyed when no longer required.
Anusree Saha, Channel Marketing Manager of data destruction company Shred Easy Ltd, explains that “the fact that the employees have now been charged and the introduction of new powers for the ICO, in April, shows that data theft is an increasing problem that requires harsher penalties.”
“Confidential information is constantly made accessible to would-be thieves and it is encouraging to see the increased severity of the punishments.”
The whole subject of Data Privacy has grown over recent years and has even seen the establishment of an International Association of Privacy Professionals (IAPP) with membership spanning the globe.
COURTESY OF DIGITAL FORENSICS MAGAZINE: http://digitalforensicsmagazine.com/
As the UK’s leading confidential document and data destruction company, we have boosted our team by employing a new compliance manager.
Nigel Boothby, 44, who has 23 years’ experience of maintaining security procedures, health and safety, operational procedures and quality systems, has been employed as head of compliance to maintain our rigorous professional and customer service standards.
Working with our existing environmental and quality management teams, he will also ensure a consistent and co-ordinated approach to maintaining our international ISO9001 and ISO 14001 accreditations.
We are at the forefront of the security sector and we are fully compliant with all professional, quality and environmental management systems, as well as health and safety and security regulations. Having Nigel in place ensures the highest levels of compliance going forward.
Jim Watson, managing director of Shred Easy, said:
“Nigel’s job is to ensure consistency and maximise security for clients. This demonstrates our commitment to providing the most secure solution in operation by consistently adhering to all security, quality and environmental standards for customers. Shred Easy are the only company operating in the secure destruction business that has set up this compliance role to ensure our customers benefit from the most secure and compliant service available. Our accreditations have all been achieved after completing intensive assessments relating to everything from the security of our facilities to the cutting width of the paper we shred.
“This issue has become increasingly important as the Information Commissioner’s Office (ICO) has increased penalties for businesses failing to destroy confidential data to £500,000. So it’s now more important than ever to be compliant.”
We are members of the British Security Industry Association (BSIA), the UK Security Shredding Association (UKSSA), the European National Association for Information Destruction (NAID), and have UKAS accredited ISO 9001 and 14001 registrations.