Irish Companies must do more to protect themselves

In 2015 the Irish Computer Society carried out a nationwide survey to ascertain data protection professionals’ opinions in the area of data protection.

Data Protection

Results

The results show that of the 150 companies who took part in the survey, 15% had no data retention/destruction policy in place. This places these Organisations at severe risk of non-compliance with the GDPR, due to come into force in May 2018. Another significant result from the survey showed that companies firmly laid the blame for 45% of all data breaches on employee negligence. Employee negligence can result in significant fines for Organisations that fail to have adequate procedures in place to manage Data Protection and secure paper destruction/IT disposal once the information has reached the end of its retention period.

Data Retention

In line with the Data Protection Acts, all data controllers are required to retain information for no longer than is necessary for the purpose. With that in mind, an accurate retention policy for all documentation ensures that a company can keep track of its different legal requirements. When there is no policy in place, companies run the risk of losing data, storing both paper and digital files longer than is necessary and experiencing breaches in information security, while also breaking the regulations under the Data Protection Act.

Data Destruction

The Data Protection Act places the responsibility on companies for the safe disposal/destruction of information in their possession. Responsibility for secure destruction falls under the remit of the data controller, and it is their responsibility to ensure that their disposal practices are compliant. If a company intends to hold information regarding customers in order to enhance services to them in the future, customer consent must be sought!

Employee negligence

Employees with a grudge are responsible for some breaches; however, many are due to employee negligence, whether by ignoring a warning, not following proper procedures or simple human error. Employee breaches can fall into 3 categories:

  1. Innocent actions: wrongly addressed letters, misplacing mobile phones

  2. Careless or negligent: ignoring warnings that flash up on computer screen, releasing information in either the form of paper or IT equipment to a non-compliant individual/organisation to process.

  3. Malicious: the deliberate distribution of sensitive information to a third party

Innocent Data Breach Example

In 2016, the American giant Federal Deposit Insurance Corp experienced an innocent data breach through a past employee. The employee in question “inadvertently and without malicious intent” downloaded a series of confidential documents relating to client and commercial information and saved them to a portable storage device. It is scenarios such as this that justify the importance for businesses (large & small) of having detailed Data Protection procedures in place. These procedures are created to establish regulatory compliant methods for processing, storing and securely disposing of the data within their control, providing peace of mind to management that their systems and practices are fully compliant.

Careless/negligent

Carelessness is one risk that is difficult to control from management’s perspective. The best method for management to protect their business is to focus on what they can control. In this case, educating employees and establishing effective monitoring procedures are two factors that management can control.

An example of effective education and monitoring would be to implement secure console units (secure bins) throughout your office space and introduce a procedure for all employees, informing them to insert all waste paper data in the provided consoles.


At the end of each week, conduct a spot check on all the remaining general waste bins inspecting for waste paper data. Continue this process for a number of weeks, highlighting non-compliance to all staff members, implement disciplinary procedures and monitor for improvement to attain 100% compliance.

Malicious

Similar to human error, malicious behaviour is extremely difficult and near impossible to control. The best method of equipping your Organisation for this kind of behaviour is to review all employment/HR guidelines and clearly outline your Organisation’s stance on malicious behaviour. This can result in criminal conviction of the said employee if proof of the malicious behaviour has been recorded.

Conclusion

With the introduction of the GDPR from Europe, Data Protection has become one of the most relevant and important compliance areas for Organisations to review and correct if deemed necessary. Lack of preparation may result in business-ending penalties from Europe and simply cannot and should not be risked. It may seem daunting to undertake such a review; however, the resulting protection will far outweigh the workload of completing the review.

Fail to prepare, prepare to fail!

If you would like to receive any further information upon the GDPR and how to become compliant, please contact the team at Security in Shredding.

Specialising in secure confidential document shredding services with a reputation for exceptional security, customer service. Delivering value for money and the utilisation of leading technology compliant to the highest security standards within the industry.

Data Protection Commissioner opens new Dublin Office

With the introduction of the New General Data Protection Regulation (GDPR) due to come into effect in May of 2018, the news of the Data Protection Commissioner’s Office (DPCO) expansion is a great development for Ireland and Irish Companies.

The expansion has been made possible through additional funding secured in the 2017 budget. With significant fines and penalty increases for non-compliance with The GDPR, making sure your Organisation is in compliance is essential.

Guidance to achieve compliance

To date, The DPCO has released guidance documents to help all individuals and Organisations to become aware of the legislative requirements. From record management, data access requests through to certified paper shredding, all Organisations will be required to review their practices.

With the significant number of Global Technology Organisations with operations in Ireland, coupled with Indigenous Irish Companies, the role and workload of the DPCO has grown to a Worldwide level.

The GDPR is a game changer in Ireland and across Europe. “It is a law that is going to lead the standard for data protection globally,” said Dixon at the opening of The DPCO in Fitzwilliam Square, Dublin. She added, “It will include key new rights to better control for users of their personal data, and imposes corresponding obligations on organisations that collect data.” This includes both digital data processed and stored upon data carriers and the physical data printed and stored in paper format. End of life data, both in paper and digital format, will be advised to be disposed of appropriately through a confidential shredding company.

Data Protection Officer appointment


One of the many new requirements under the GDPR is to appoint a Data Protection Officer. This requirement is for specific Organisations whose core business activities will consist of:

  • Data Processing activities
  • Large scale processing of the categories of data relating to criminal convictions
  • Public Bodies & Authorities (excluding courts relating to their judicial capacity)

The Data Protection Officer is required to have a full knowledge of the risks associated with their Organisation’s processing activities. The GDPR has clearly identified the Data Protection Officer’s role as an independent one. They cannot be instructed upon the relevance of the DPO responsibilities or a matter relating to Data Protection.

Data Protection Officer Independence & Knowledge

Staff training on Data Protection will be the responsibility of the Data Protection Officer, in addition to providing expert advice on data protection impact assessments. The newly appointed Data Protection Officer can also take on additional tasks if required to do so, provided that there is no conflict of interest with GDPR compliance while completing the tasks.

For further information upon the GDPR and/or any Data Protection guidance please contact the team here at Security in Shredding.


Do Irish Companies need a Data Protection Officer? – Companies Ireland


Companies in Ireland – the General Data Protection Regulation (GDPR).

Within the EU GDPR there is a mandate for certain companies including specific Companies operating in Ireland that a Data Protection Officer is appointed within their business.

This Data Protection Officer will be the “go to” person within Irish companies and will manage the responsibility for Data Protection Compliance.

Responsibilities for the Data Protection Officer include but are not limited to:

  • Monitoring the company’s compliance with The Data Protection Law, managing training of staff for data protection and carrying out audits within the Organisation.
  • Providing advice to the Organisation relating to their obligations under the GDPR
  • Acting as the main contact point within the Organisation for the local Data Protection Authority (The Data Protection Commissioner)

Not all Irish companies will be required to have an appointed DPO.

In the circumstances listed below, companies in Ireland will be required to have a DPO:

  • Public Authorities processing public data (except for courts in their judicial capacity)
  • The Company in Ireland has a core activity which involves data processing operations that “require regular monitoring of data subjects on a large scale”
  • The core activities of the organisation involve the processing of sensitive personal data on a large scale.

The specific size of the above listed processing activity is not detailed within the GDPR. There is no identifiable cut-off point, but Irish Companies would be advised to err on the side of caution rather than face the extreme financial sanctions for breaking the Law.


Under Article 58 of the GDPR, in Ireland, the Office of The Data Protection Commissioner will be able to fine Irish companies who are found guilty of a data breach. Article 58 does not differentiate between an accidental breach and a deliberate breach. Fines for a data breach have been increased to a maximum of 20 million Euro or 4% of their global turnover, whichever is the larger.

If there was ever an appropriate time for Irish Companies to review all of their data processing activities and identify to whom they are releasing both digital data and paper data, it is now, before the fines are in place and enforced.

Within the GDPR, a single DPO can represent multiple organisations and does not have to be a member of staff belonging to the specific Company. Therefore, several organisations can collectively appoint one DPO to represent their combined interests.

Currently it is clear to see through research conducted that the expected compliance is not matched by the level of knowledge and awareness within the market. An underestimated figure of 28,000 Data Protection Officers will need to be appointed throughout Europe before the GDPR becomes law.

For more information upon compliance with the GDPR please contact the Security in Shredding team for assistance.


Five tips for Data Protection Compliance


With the introduction of The General Data Protection Regulation this year it is essential for Organisations to know that they are complying with the legislation. The first step in compliance is awareness and this article will give a brief overview of some tips to take into account to protect your Organisation. From data consent to third party data processing such as a confidential paper shredding service, I aim to guide you in the right direction.

A. Consent

Always obtain the data subject’s consent prior to holding or using their personal data. All forms, both physical and web-based, which are designed to gather personal information should contain a statement detailing what the information is to be used for.

B. Sensitive data

When dealing with sensitive personal data (race, political opinion, mental health etc.), additional measures should be in place to ensure the security of the data. When this data has reached its end of life, always securely destroy the data through a paper shredding service.


C. Individual rights

Be aware of individuals’ rights when dealing with information held about them. If preparing reports, always be aware that individuals have the right to see all personal data held about them, which also includes emails and informal notes that have not gone through your document shredding service in place.

D. Review files

Data should only be retained when and where absolutely necessary. Securely dispose of the data once it is no longer required through an onsite paper shredding service and/or an offsite shredding service with a data processing firm and under contract. Establish and record regular reviews of the data in your control.

E. Secure disposal of records

When discarding waste data in paper format it is imperative to treat it confidentially. Never discard end of life data with conventional recycling streams. Before it is destroyed, waste paper data is not the same as general sorted office waste (SOW), due to the fines and penalties attached to a breach. Always hire a professional paper shredding company to securely shred all documents and receive a certificate of data processing. The same applies to waste electronic data carriers such as hard-drives: always securely destroy them through a hard drive shredding service.

For any advice upon data protection and making your Organisation compliant please do not hesitate to contact one of our team through our website www.securityinshredding.com.


Confidential Paper Shredding Industry welcome Budget 2017 increase in funding for The Data Protection Commissioner


This week confidential paper shredding service vendors welcome the decision in this week’s budget to allocate additional funding to The Data Protection Commissioner’s office. The additional funding makes up an increase of €2.8 million to the previous figure. This increase brings the total funding from The Irish Government for 2017 to €7.5 million. This much welcomed funding will be allocated to police and enforce the Data Protection Acts and protect Irish citizens’ data.

Even with the relatively small geographical size of Ireland, it has been difficult for the policing authority to monitor all activities by Organisations to ensure compliance with Data Protection.

For example, it can be difficult to investigate whether Organisations are complying with requirements for Data Processing (paper shredding) Cork while also completing the same for paper shredding Galway with almost 200 Kilometres in-between. The welcome news will certainly make an improvement in Ireland for Data Protection compliance and in turn protect our personal information.


Whether it be confidential paper shredding Dublin or confidential paper shredding Limerick this announcement will help The Data Protection Commissioner to increase their employee numbers and enable them to fill in their new role with The General Data Protection Regulation from Europe.

Vice Chairman of the ISIA (SDD Division) said “This additional funding is a great step to further protecting European citizens’ personal data. With fines for a breach of legislation increasing up to €20 million it is a welcome announcement and Organisations now have the opportunity to comply.”

Shredding Companies Ireland will also have to make the leap to become compliant data processing firms. Today there can be a number of high-risk vendors in operation, and education is the first step in protecting our data.

For any advice upon data protection and making your Organisation compliant please do not hesitate to contact one of our team through our website www.securityinshredding.com.


Identity theft – stats, tips and how to protect your information


Paper shredding in Ireland is a growing industry sector and for good reason. Approximately 7% of all adults within the US have their identities misused with substantial financial losses equating to approximately €3,000.

Close to 100 million additional people have their personal identifying information put at risk of identity theft each year when records from Government & Corporate databases are misplaced or stolen. It makes total sense to see secure, professional, and regulated destruction services being introduced and increased in Ireland. Services such as on site document shredding, clear out shredding, purge clear out services and off-site document shredding services are there for all Corporates and Governments to implement to protect your and my identity.

The level of sophistication used by organised crime to facilitate identity theft is ever increasing. Examples of such sophistication, to name but a few, range from tailored vishing scams and hacks of corporate and government databases to elaborate bots designed to hack your computer without leaving a trace.


The more historic/basic methods of identity theft are still out there, with high numbers of people falling victim to them. Simply pickpocketing wallets, going through your waste bins for sensitive paper, following waste trucks to sift through the waste material for paper and social engineering to trick innocent people into releasing personal information still work and work well.

Within this article, I will highlight some of the straightforward ways you can have your identity stolen with the hope that I can help some potentially targeted people in protecting their identity. There are also some tips to protect yourself when possible.

How you can be a victim

  1. People going through a pharmacy waste bin, unfortunately not all pharmacies avail of offsite document shredding services and their bins can contain significant amounts of personal information.
  2. People hacking into GP records, health records from a doctor’s office contain vital personal information. Many identity thieves will try to hack medical facilities electronic health records.
  3. Never use your place of birth as your security question, it is easy to find out this information.
  4. RFID scanner, many credit and debit cards are enabled for contactless payments. Yes, this is convenient but if a thief can get close enough to you he/she can make a convenient withdrawal at your expense.
  5. Using camera phones, always be careful when you are in a situation where you need to show personal details and information, a camera phone could be watching you.
  6. Accepting strange friend requests on social media, if you do not know who they are, our advice is do not accept.
  7. Leaving bills in your mailbox for pickup, always deliver your bill personally.
  8. Putting cheques in the mail, if required always place additional paper within the envelope so the data cannot be seen under lights.
  9. Never changing your passwords, you should always change your password at least once a year.
  10. Failing to consider once off credit cards, it is a good idea if you are not a regular online shopper.
  11. Leaving receipts behind, you should always take your receipts with you even if it only shows the last four digits of your account number.

For more tips to stay safe please contact one of our team at info@securityinshredding.com


Mobile paper shredding providers Security in Shredding go through Brexit and what it means for Data Protection and Privacy.


Uncertainty is ever present when dealing with Data Protection and since the Brexit referendum there is undoubtedly an increased level of uncertainty. Many questions are circling about how this Brexit decision will impact data processors and data controllers across key sectors of the UK and Irish economy.

For example, will paper shredding Dublin and the related legislation be the same as that in London, or will secure document shredding Galway be subject to separate legislation from that in Manchester? Similar issues arise for multinational Companies that, for example, receive confidential shredding Limerick at their Limerick location and also receive confidential shredding Belfast in their Belfast location: will there be discrepancies in the requirements for each location to be compliant with Data Protection Legislation?

EU & The Single Market

Harmonisation of laws throughout Europe has been one of the main aspects of the EU. The current regulations for protecting personal data within both Ireland and The UK which include secure document shredding derive from EU Law. The Data Protection Commissioner in Ireland and the Information Commissioner in the UK released a statement saying that the on-going 1998 Act will remain law post Brexit.


General Data Protection Regulation (Divergence of the Law?)

In May 2018 the General Data Protection Regulation will come into effect. Unlike its predecessor the Data Protection Directive, the GDPR will be a cross region regulation that will apply directly to all EU member states.

With The UK no longer being a member of The EU the GDPR will not apply to it. With this in mind there are many questions relating to the future path for UK data protection rules in areas such as data transfers, subject access requests and data erasure, whether it be paper shredding or Hard-Drive destruction.

If the UK wishes to remain a central location for IT & Finance then it will seem that they will have to comply with The GDPR, additionally if they wish to join the European Economic Area it will need to adopt the GDPR.


What does it mean?

In plain terms, it is likely to remain business as usual for the next 12 – 19 months and the exit period is expected to take up to 2 years which ends a couple of months after the GDPR is implemented.

In many views, the Brexit outcome is beneficial to Ireland relating to Data Protection. The Republic will be the only English-speaking nation with the benefits of being part of the EU free movement of services, people, goods, workers and personal data.

This means that businesses can structure their operations so as to only be subject to one single data protection authority such as The DPC.

The content of is for information purposes only and does not constitute legal or other advice.

For more information please contact the Security in Shredding team.


10 Tips for protecting sensitive data in your Organisation


The two main reasons why Organisations need to protect their data through hiring shredding companies Ireland or establishing security protocols are reputation and legislation, both of which affect the financials of any given Organisation.

All companies inclusive of Shredding companies Ireland need to have some best practices in place to protect their sensitive data.

Historically, legislation has varied from region to region within the EU, which meant, for example, that a company receiving confidential shredding limerick may not be subject to the same fines, penalties and procedures as an Organisation receiving confidential shredding Paris.

With the new General Data Protection Regulation coming into effect the legislation will be harmonised across Europe. In 2018-2019 Organisations who experience a data breach through failing to have off site document shredding services in place will receive fines that will be subject to the same criteria as another Organisation may be in another region within Europe.


Below is a small list of ten top tips for protecting sensitive data within your Organisation:

  1. Ensure that all passwords are encrypted in nature. Do not use passwords that are easy to remember, and introduce an encrypted method for password production.
  2. Protect against new malware. Constantly update your software to protect your Company’s sensitive information. New malware is being released all the time so you need to be up to date to be protected.
  3. Eliminate USB Key memory drives. When possible Organisations should have a USB ban as it could lead to data being lost from your Company.
  4. Education, knowledge is power. Organisations are advised to run education courses for staff with specific responsibility for Data Protection.
  5. Be ready for disaster. Create a plan of action to follow in the case of a data breach. Fast and effective procedures for disaster reaction can make a significant difference to legal ramifications & your corporate reputation.
  6. Have reward systems vs penalty systems in place for staff. In an event of a data breach the key thing to take away is “what have we learned from this?” vs how will I punish the given employee.
  7. Be lenient with employee internet rules;
    1. A lock down scenario is not advised as studies have shown that it increases the likelihood of staff working around these sanctions while also putting your Organisation’s information at risk. Speak with staff, find out what they want and plan the best method of granting it to them.
  8. Establish a remote wipe facility;
    1. Leaving and losing mobile devices containing sensitive data is a growing concern for Organisations today. It is advised that you should encrypt all data on these devices and have a remote wiping facility.
  9. All confidential Information needs to be Encrypted.
    1. Do not make it easy for people to get access to information.
  10. Inclusion of staff. Include staff in all data protection control implementation. Do not depend on general information streams to effectively communicate the new rules and procedures in place, make specific meetings with the specific departments to effectively communicate your message.

For further information on how to protect your Organisation from data loss, please contact one of the Security in Shredding Team.

Email: info@securityinshredding.com


Specialising in secure confidential document shredding services, with a reputation for exceptional security and customer service. Delivering value for money and utilising leading technology compliant with the highest security standards within the industry.

Ireland Businesses – Top Six threats to Data Privacy


All Businesses in operation in Limerick, Cork, Dublin, Galway and across Ireland will be aware of Data Breaches and the risks associated with them. A data breach can come in the form of a paper breach, when failing to implement confidential document destruction, or a digital breach, when failing to have appropriate security procedures in place. The knock-on negativity that an Organisation faces affects client relationships in addition to damaging your Company image.

In many cases, due to Data Protection Law, your Organisation may be legally responsible to your customers. In this article I will go through my top six threats to Data Privacy for Organisations.


Top Six Threats:

  1. Lack of Data Protocols

In many data breach cases it is found that the Organisation failed to have even the most basic protocols in place to minimise the loss of customer and employee data. Examples have included a failure to have confidential paper stored in a secure location when not in use and a failure to have waste paper material destroyed through an onsite document shredding facility.

  2. Restricted access to information

A regular mistake by Organisations today, both public and private, is to restrict access to confidential information for employees. A simple “need to know” procedure is a great step in achieving data security.

  3. Failing client expectations

Within many Organisations there seems to be a free-for-all tendency towards information sharing. However, in today’s competitive environment, the business clients and public clients of a given Organisation expect to have their information maintained securely. Staff members with different functions are not required to know one another's data details. A simple contract inclusion at employment stage would reduce and minimise this non-required cross-function data sharing tendency.

  4. Extended information gathering & sharing

There is an increasing trend in information gathering through online forms and “opt out” functions. This information may be shared among Organisations with no accurate business case to justify such sharing.

  5. Increases in technology

This point covers a multitude of technologies, but I will mention two different kinds:

    1. Confidential document shredding – reconstruction technologies
    2. Online digital data technologies that part individuals from their personal information for fraudulent use.

  6. Lack of awareness

There is a concerning level of ignorance or lack of knowledge, from both a Data Controller perspective and a general public perspective, when dealing with sensitive data.

Data Controllers may lack a degree of awareness of their data protection obligations. Examples include failing to complete a clear out shredding process at the end of each calendar year or failing to have a confidential document destruction process in place for daily generated materials.

For more information on data privacy Email us at info@securityinshredding.com 

The Data Protection Commissioner phone no: +353 57 868 4800


Why is waste office paper not actual waste? (Onsite Paper Destruction)


Historically, and in some cases still today, people and Organisations have disposed of waste paper through waste recycling streams and have hired neither an onsite shredding service nor an offsite shredding service for documents that are no longer required.

Within this blog entry I will discuss Waste vs Data (Liability).

Under Waste Management Legislation, paper carries a European Waste Catalogue (EWC) Code. This code means that the material needs to:

  1. Be recycled in line with the European Waste Hierarchy
  2. Be handled and processed through an Organisation that has a waste permit.

Having a waste permit does not mean that you are a waste company and, in turn, having systems in place to recycle paper does not mean that you are a Data Processor that provides paper shredding services (I will cover this in more detail later).

Organisations such as construction firms, removal firms and storage firms have waste permits in order to carry their materials, but none of these firms are waste operators. With this in mind, why would you release your confidential information, which carries legislative fines of up to 20 Million Euro, to a waste firm to recycle for you? Even if the waste firm offers “secure paper shredding services”, there is still no reason to justify releasing your data to them, based on your legislative responsibility and obligations.


Data Processor Vs Materials Processor

A Data Processor is a person/Organisation who processes (e.g. destroys) personal data on behalf of a Data Controller. A Data Controller is a person/Organisation who controls the contents and use of personal data (any Organisation).

The key point to take away here is that Data Protection Laws only apply to Data Processors and Data Controllers. So, if a Data Controller (you) releases “waste” paper data to a waste firm to be recycled (securely or not), under Data Protection Law you have released personal data to an Organisation that may not be a Data Processor, and the waste firm may understand that you (the Data Controller) have actually released waste material (paper material) for recycling. In the case of a data breach occurring here, who do you feel will be at fault and who will receive the fines of up to 20 Million Euro? Yes, you're correct: it will be you, the Data Controller.

So when you are deciding what paper shredding service to implement within your business, it is important to understand that you need a Data Processing Firm to destroy that data for you. If an Organisation is, for example, offering secure onsite paper shredding or secure offsite paper shredding, they need to acknowledge that it is data that they are processing for you.

For more information on Data Protection and how to protect your business, please contact one of our helpful team at:

info@securityinshredding.com
