We live in a digital information age, and this information is gathered and viewed through mobile or electronic devices. On-site document shredding services will securely destroy your paper data and also your digital media.
Cyber liability, cyber security and information governance are terms that managers and directors are aware of due to high-profile data security breaches in recent events (“Panama papers”). Mason Hayes & Curran covers the critical questions these companies need to be asking.
In an increasingly interconnected world, with the expansion of the internet and development of the internet of things (IoT), there has been a corresponding increase in the vulnerability of information systems to attack.
The Cyber Security for Directors app, released with the Institute of Directors in Ireland, helps heads of companies to understand their responsibilities regarding digital data security.
The app details the various types of cyber liability and cyber risks, while drawing together the key areas for directors to consider. It also outlines both proactive and reactive strategies to manage cyber security. The app is available on Android and iOS.
Technology has rapidly changed over the past 20 years and continues to grow. People’s reliance on digital devices, both for storage and transmission of data, is making data breaches all the more damaging to organisations. How a mobile device operates at both the front end (you) and the back end (server) is not that transparent unless you have a good understanding of data transfers.
Knowing how this works is not essential, but it can make it easier to understand where the pitfalls lie within a device, which will benefit data security.
Where there is liability, there is a corresponding responsibility for that liability. As the duties of directors come increasingly under the microscope, it is clearly in the interests of directors to ensure that they understand their responsibilities in this area.
Below, we have outlined the key questions that directors should ask in relation to the collection and processing of data:
1. Are we being transparent?
Data must be obtained fairly and the company must be transparent about the reason the data is being collected and the purpose for which the data will be used. Data must not then be put to a further incompatible use.
2. Do we have consent?
Consent is usually, but not always, required. If the information is non-sensitive, there can be implied consent. If the information gathered is sensitive (such as relating to an individual’s health, race, sex life, religious beliefs or trade union membership) then there must be explicit consent.
3. How long are we retaining data for?
Personal data can only be stored for as long as is necessary. There should be no retention of data ‘just in case’.
4. Are we collecting unnecessary data?
Data should only be collected if necessary. There are PR risks to any company if data is collected and stored unnecessarily.
5. Are we keeping the data secure?
You must have appropriate security measures to protect any data you are storing. Take into consideration the state of the technology you are using, the cost of implementation and the nature of the data and potential harm if a breach occurs.
6. Are we giving the data to third parties?
Are the third parties controllers or processors? In other words, on whose behalf will they use the data? If they are controllers, you will likely need consent for collection. If they are processors, special written contract terms are required.
7. Is the data leaving Europe?
If collected data remains within the European Economic Area (EEA), transfer issues do not arise. If the data is to be transferred outside the EEA, then safeguards are required unless it is an approved country, e.g. Canada.
Check out www.mhc.ie for more information on Tech law.
Industrial paper shredding and media destruction are performed securely and confidentially by our team at Security In Shredding. For more information on our shredding or destruction services please contact us.