The importance of outsourcing data disposal
Identity theft and fraud is rising every year, creating negative consequences to organisations and their customers. It is increasingly important for organisations to protect their customers’ information and take responsibility when implementing a security strategy. Secure document destruction should be a critical part of this strategy.
New research suggests that organisations are not aware if their disposal provider complies with the European Standard EN1571. The Information Destruction (ID) section of the BSIA (British Security Industry Association) has released some ‘key facts and figures’ which aims to encourage organisations to think carefully when outsourcing their sensitive and confidential data disposal.:
- The UK economy is down on average £1.7 billion per year due to identity fraud, according to Home Office reports.
- The law was changed in 2010 giving the Information Commissioners Office (ICO) the power to fine up to £500,000 to those organisations not adhering to the Data Protection Act.
- Consumers and organisations face large financial consequences when data is breached. In 2010, the average cost of a data breach reached £1.9 million.
- An ICO survey revealed that of those asked, 94% stated that ‘protecting personal information’ was one of their major concerns. This demonstrates public concern over the handling of confidential and sensitive data.
A NAID survey (the US-based National Association for Information Destruction) sheds further light on the issue. Over the course of a month and within the London area, an investigation was undertaken to see what waste was left in commercial bins which could be readily accessed by the public. Of the hospitals, law offices and banks monitored, 44% were found to be disposing of personal information in this way. Examples cited were:
- Medical records dumped relating to 70 vulnerable patients (names, addresses and treatment descriptions) attending a private hospital;
- Found in rubbish on the pavement outside a top London law office: a 20 page report relating to a patient with mental health problems and in foster care;
- Left outside a leading pharmacy chain: 20 prescription labels (names, addresses and medication details with some even including their GP’s details).
Stephen Anderson of Crown Intelligence, who carried out the study, said, “It’s shocking to know that these firms regularly break the law. We couldn’t believe some of the personal information we found just dumped in public rubbish bins that leave people wide open to identity fraud if it fell into the wrong hands. It wasn’t like we found single pieces of paper with a careless note here and there. In most cases there were complete documents, emails, letters, computer print-outs and reports in full.”
Personal data must be protected and should be a priority for organisations. To avoid costs and mistakes, organisations are being encouraged to select a quality destruction provider who can ensure data is disposed of correctly and in line with current laws – following the guidelines of best practice. If you feel that your organisation would benefit from some help and guidance with regard to the above article or indeed any other of the articles with the News section, please contact us.