CCTV & GDPR

Posted on November 20, 2019 by Security in Shredding

When we think of GDPR data protection, most of us have a tendency to consider organisations retaining specifics, such as our name, date of birth, address, financial details etc. But there is a manner of attaining data that is so prevalent we scarcely notice it anymore – CCTV.

If your company makes use of CCTV, you must know that the images compiled are categorised as personal data and subject to GDPR data protection regulations. In order to be GDPR compliant you need to have a clear policy stating the reasoning behind it, security, risk of theft etc. People need to be aware they are being recorded on CCTV so it is necessary to place signs in areas that are observed with CCTV.

Your policy should also include how long you intend to keep the footage for which is generally accepted as 30 days. If you need to keep it longer your policy will need to include why it is necessary for it to be kept this long. Here you can find detailed information on the code of practice for CCTV.

Eventually it will be necessary to delete old footage, your system will most likely have a setting that will auto delete over a number of days depending on what you set it to. However, if you decide to upgrade your entire system your hard drives will need to be destroyed as data can be recoverable long after it is deleted and removed from your system. This can be detrimental to your compliance with GDPR. I would recommend the use of data destruction services. Here at ‘Security in Shredding’ items received for destroying data are logged on our asset tracking software; our clients receive a comprehensive report during the invoicing stage in order for complete traceability. This will allow you peace of mind and keep your business at the highest standard of security and compliance.

Security in Shredding

Specialising in secure confidential document shredding services with a reputation for exceptional security, customer service. Delivering value for money and the utilisation of leading technology compliant to the highest security standards within the industry.

Getting Ready for 2020

Posted on November 12, 2019 by Security in Shredding

2020 is fast approaching. Rather than leaving things to the last minute, now is the time to begin your end of year clear-out. What needs to be shredded and what needs to be kept in storage? As a general rule, older archives past the 7-year date mark should be destroyed. This whole process can be overwhelming and time consuming however in order to keep the procedure as time efficient and simple as possible there are a few questions you should ask yourself.

What is the type of data?
Why do you have it? Do you really need it? Is it easy to get that information again if you need it down the line?
Where is it kept? Is it kept in filing cabinets? Or is it digitally saved?
When was it acquired? Has it been over 7 years ago? Is it time to remove it from your records?
Who has access to it?

Answering these questions should provide you with the necessary solutions you need in order to keep compliant with the GDPR. When asking yourself these questions it is important to consider all forms of data; confidential paper, hard-drives and media devices, or branded products such as business cards or uniforms etc. Once all this is organised it is time to contact your trusted shredding company who can provide you with options for the certified destruction of your data.

The sooner you begin; the sooner you are ready for the new year.

Security in Shredding

Cyber Security – What can you do?

Posted on November 8, 2019 by Security in Shredding

As important as ensuring your physical data is kept secure through a paper shredding service, digital data security needs to be managed. Everything in today’s world is online from business to leisure. Most of our days are spent connected to some network or another, in front of one screen or another. Data is our most valuable resource. For a business data is customer information which needs to be protected. Why would anyone choose to frequent a business or establishment that has zero ability to keep their information safe and secure? There are a number of things that can be done in order to ensure that this is achieved. Some may seem obvious and simple but may be the difference between success and failure.

1. Firewall & Virus Protection

Always have a strong firewall and virus protection on your computers and devices that connect to the internet. A hacker is a person who uses computing devices to gain unauthorised access to data. If a hacker breaks through any defences you have, they not only will have access to what you do or say online but also to every file on your PC and every keystroke you make.

2. Strong Passwords

Passwords should not be obvious and the best passwords are random letters and symbols. They shouldn’t be written down anywhere. It is also recommended to use a different password for every account or device you use. However, remembering all these random letters and symbols can be impossible for most people, password managers are useful in this situation. They pose their own risks too however.

3. Avoid Public Wi-Fi

If at all possible do not use public Wi-Fi. It is not secure enough. When out and about its best to have Wi-Fi switched off on your phone, some phones scan for Wi-Fi networks even when it seems to be switched off so make sure your settings are all correct. However, bringing your laptop to Starbucks and conducting business can be comfortable and convenient on the go. If you really must use public Wi-Fi try to find a good VPN. A VPN will allow you to send and receive data across shared or public networks as if you are directly connected to your private network.

4. Share less on Social Media

Sharing personal information on social media is a sometimes overlooked method of staying secure. While you may not post things such as your home address or personal email address, depending on your settings you may be revealing all of this information without even realising. Check your settings on whatever platform you use and make sure all your privacy settings are up to the standard you require.

5. Hard-Drive and Media Destruction

Even when you have deleted a file or an app on your phone or PC that information still exists. Hard drives are recoverable even when they have been completely wiped. When you are destroying data devices formatting them just won’t cut it. Old and unused data devices should be destroyed through a hard-drive shredding service. Security in Shredding provide a nationwide Hard-Drive shredding service. This will cover the destruction of most media devices; phones, hard-drives, USB sticks, CD’s, floppy discs etc. Just throwing these out as they are will make you vulnerable.

Security in Shredding

Why I need to Shred – Shredding Company or In-House?

Posted on November 6, 2019 by Security in Shredding

Why do I need to Shred Data?

On the 25^th May 2018 a new law came into play, The General Data Protection Regulation (GDPR) affecting businesses of all shapes and sizes.

All business, Irish Business or International generate and process data through their operations. This data has to be created, managed and destroyed (i.e. Through a Paper Shredding Service, In-house Shredding and/or Hard-Drive Shredding Service).

The GDPR splits data mainly into two categories;

Personal Data (i.e. information which can directly connect to or identify a living person such as; name, phone number, medical history etc.)

Special Category Personal Data (i.e. personal data in relation to; ethnicity, political/philosophical opinions/beliefs, religion, mental health, criminal records etc.)

Each of the above categories have specific requirements when processing such information. This means it is important to know what category you are processing.

Enforcement Authority

Each EU state has an independent public authority accountable for enforcing the implementation of this regulation. This is the Data Protection Commission in Ireland.

The GDPR harmonized the rules to how data is to be managed in order to protect individuals. The management includes, the gathering/creation of the data through to the final destruction/disposal of the data through a paper shredding service or IT Asset Disposal Service.

Paper Shredding, Data Management, GDPR, Onsite Shredding Service, Shredding Service

There are serious implications that can occur if a business does not follow the GDPR requirements. It may be a warning or a large penalty of at least 4% of your annual global turnover or €20 million – whichever is higher. Compliance is essential.

Shredding Service Industry Associations

There are many associations across the world for Shredding Companies to become a member. This provides peace of mind for individuals as the Association can apply guidelines for their members to be compliant with International Legislation.

Length of Time Storing Data Prior to Secure Shredding / Data Erasure

Information must be kept for as little time as possible. It is important to take into account why your company needs to store this data; is there a legal obligation? A system should be put in place with time limits/reviews and updates to out of date information/data.

To summarise, you need to shred/destroy out of date records/files/documents because it is the law. In order to be fully compliant it is invaluable to use a quality certified destruction service that will not only ensure all data is eradicated but will also provide compliance certification for your records. This will be invaluable when proving that your company/business is fulfilling their obligation to the GDPR.

The law is reason enough to shred on its own but how do businesses know what service best suits them? In our upcoming blog posts I will be discussing different types of shredding, what makes the shredding company you choose legally compliant and if onsite or offsite shredding would work best for you?

For Further info – please contact the team at Security in Shredding info@securityinshredding.com

Security in Shredding

Benefits of Hard Drive Destruction

Posted on October 16, 2018 by Security in Shredding

Small and large businesses, medical offices, government agencies, and many other organisations have one thing in common, they all use computers on an everyday basis sharing, creating, storing, and emailing sensitive information. As technology expands, electronic data keeping is drastically increasing. There is so much information being passed around online and saved on hard drives, you need to be confident that your data is safe and there is no chance for exposure. If you have been in business for a long time, the key to success is keeping up with the technology. If equipment comes into damage then you may need to replace it, therefore you are going to have hard drives lying around which is never a good thing. Secure hard drive disposal should be your priority. While it may seem more cost-effective to get rid of the hard drive yourself by throwing it away, you can then at risk of confidential data been retrieved and used, therefore it is crucial it is destructed of the right way. Throwing it does not provide protection to your employees, your clients, and your company. The most secure method of hard drive destruction is hiring a professional company who specialises in the right destruction of electronic data storage media.

Read on to find out the many benefits of Hard Drive Destruction:

Peace of Mind

The appropriate destruction of your sensitive information can give you peace of mind that it is disposed of the right way. You will not have to worry about been high risk for costly data breaches. For the ultimate peace of mind Hire the best, reliable, trusted, and quality company to destroy your hard drives efficiently. There is no way a breach can occur so protect your business at all times.

Follows the compliance legislation

It is imperative that you dispose of sensitive data the right way due to the privacy legislation like FACTA and HIPAA. Hard drive destruction is under these legislations. By following these legislations your company will remain in compliance with privacy laws.

It frees up office space

Keeping and storing old hard drives in your office can take up a lot of valuable space. Free up office space quickly and save a lot of time by hiring a professional hard drive destruction company to do the job for you quickly and safely.

All data is fully removed

Data is easily retrievable from erased hard drives, somewhat damaged hard drives, and even thrown away ones. Physical destruction of a hard drive is the only way to securely destroy and make data never to be recovered. It is highly vital that this procedure is completed correctly by a professional company.

Why choose Security in Shredding for your Hard Drive Destruction?

We can dispose and destroy your old hard drive in a professional and compliant manner.
Our hard drive destruction methods will ensure complete peace of mind that your data and privacy information is completely destroyed and not retrievable.
We record all items that are destructed and all clients will receive a detailed report for full traceability of their hard drive.
We can take the pressure off your shoulders and do the job hassle free for you.
Our destruction services are carried out by trained and fully qualified specialists that you can rely on.
Our professionalism and expertise are second to none.
All our services are in compliance with the hazardous and the WEEE directive waste regulations.
Security and safety of your belongings is our number one priority.

Security in Shredding

Do Irish Companies need a Data Protection Officer? – Companies Ireland

Posted on November 22, 2016 by Security in Shredding

onsite paper shredding, paper shredding ireland, shredding company ireland, data protection officer

Image source: gdpr-info

Companies in Ireland – the General Data Protection Regulation (GDPR).

Within the EU GDPR there is a mandate for certain companies including specific Companies operating in Ireland that a Data Protection Officer is appointed within their business.

This Data Protection Officer will be the “go to” person within Irish companies and will manage the responsibility for Data Protection Compliance.

Responsibilities for the Data Protection Officer include but are not limited to;

Monitoring the company’s compliance with The Data Protection Law, managing training of staff for data protection and carrying out audits within the Organisation.
Providing advice to the Organisation relating to their obligations under the GDPR
Acting as the main contact point within the Organisation for the local Data Protection Authority (The Data Protection Commissioner)

Not all Irish companies will require to have an appointed DPO.

The circumstances listed below will require companies in Ireland will have a DPO;

Public Authorities processing public data (except for courts in their judicial capacity)
The Company in Ireland has a core activity which involve data processing operations and “require regular monitoring of data subjects on a large scale
The core activities of the organisation involve the processing of sensitive personal data on a large scale.

The specific size of the above listed processing activity is not detailed within the GDPR. There is not identifiable cut off point but it would be advised that Irish Companies to act on the side of caution rather than face the extreme financial sanctions for breaking the Law.

Under Article 58 of the GDPR, in Ireland, the Office of The Data Protection Commissioner will be able to fine Irish companies who are found guilty of a data breach. Article 58 does not differentiate between an accidental breach and a deliberate breach. Fines for a data breach have been increased to a maximum of 20 million Euro or 4% of their global turnover, whichever is the larger.

If there was ever an appropriate time for Irish Companies to review all of their data processing activities, identify to whom they are releasing data to both digital data and paper data, it is now before the fines are in place and enforced.

Within the GDPR, a single DPO can represent multiple organisations and does not have to be a member of staff belonging to the specific Company. Therefore, several organisations can collectively appoint one DPO to represent their combined interests.

Currently it is clear to see through research conducted that the expected compliance is not matched by the level of knowledge and awareness within the market. An underestimated figure of 28,000 Data Protection Officers will need to be appointed throughout Europe before the GDPR becomes law.

For more information upon compliance with the GDPR please contact the Security in Shredding team for assistance.

Save

Security in Shredding

Five tips for Data Protection Compliance

Posted on October 14, 2016 by Security in Shredding

Mobile paper shredding, onsite paper shredding service, onsite paper shredding, paper shredding service, confidential paper shredding service, offsite paper shredding service, onsite paper destruction service, document shredding services

Image source; lbenitez

With the introduction of The General Data Protection Regulation this year it is essential for Organisations to know that they are complying with the legislation. The first step in compliance is awareness and this article will give a brief overview of some tips to take into account to protect your Organisation. From data consent to third party data processing such as a confidential paper shredding service, I aim to guide you in the right direction.

A. Consent

Always obtain the data subjects consent prior to holding or using their personal data. All forms both physical and web-based which are designed to gather personal information should contain a statement detailing what the information is to be used for.

B. Sensitive data

When dealing with sensitive personal (race, political opinion, mental health etc.) data additional measures should be in place to ensure the security of the data. When this data has reached its end of life always securely destroy the data through a paper shredding service.

C. Individual rights

Be aware of individual’s rights when dealing with information held upon them. If preparing reports always be aware that individuals have the right to see all personal data held about them which also includes emails and informal notes that have not gone through your document shredding service in place.

D. Review files

Data should only be retained when and where absolutely necessary. Securely disposal of the data once it is no longer required through an onsite paper shredding service and/or an offsite shredding service with a data processing firm and under contract. Establish and record regular reviews of the data in your control.

E. Secure disposal of records

When discarding waste data in paper format it is imperative to treat them confidentially. Never discard end of life data with conventional recycling streams. Waste paper data is not the same as general sorted office waste (SOW) before it is destroyed due to the fines and penalties attached to them for a breach. Always hire a professional paper shredding company to secure shred all documents and receive a certificate of data processing. The same applies to waste electronic data carriers such as hard-drives, always securely destroy them through a hard drive shredding service.

For any advice upon data protection and making your Organisation compliant please do not hesitate to contact one of our team through our website www.securityinshredding.com.

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Save

Security in Shredding

Confidential Paper Shredding Industry welcome Budget 2017 increase in funding for The Data Protection Commissioner

Posted on October 14, 2016 by Security in Shredding

off site paper shredding service Ireland, offsite paper shredding service Ireland, paper shredding Dublin, paper shredding Cork, paper shredding Galway, paper shredding Limerick, secure document shredding Dublin, secure document shredding Cork, secure document shredding Galway, secure document shredding Limerick, confidential shredding Dublin, confidential shredding Cork, confidential shredding Galway, confidential shredding Limerick, shredding companies Ireland

Image source; memcreator

This week confidential paper shredding service vendors welcome the decision in this weeks budget for additional funding being allocated to The Data Protection Commissioners office. The additional funding makes up an increase of €2.8 million to the previous figure. This increase brings the total funding from The Irish Government for 2017 to €7.5 million. This much welcomed funding will be allocated to police and enforce the Data Protection Acts and protect Irish citizen’s data.

Even with the relatively small geographical size of Ireland, it has been difficult for the policing authority to monitor all activates by Organisations to ensure compliance with Data Protection.

An example; it can be difficult to investigate whether Organisations are complying with requirements for Data Processing (paper shredding) Cork while also completing the same for paper shredding Galway with almost 200 Kilometres in-between. The welcome news will certainly make an improvement in Ireland for Data Protection compliance and in turn protect our personal information.

Whether it be confidential paper shredding Dublin or confidential paper shredding Limerick this announcement will help The Data Protection Commissioner to increase their employee numbers and enable them to fill in their new role with The General Data Protection Regulation from Europe.

Vice Chairman of the ISIA (SDD Division) said “This additional funding is a great step to further protecting European citizen’s personal data. With fines for a breach of legislation increasing up to €20 million it is a welcome announcement and Organisation now have the opportunity to comply.”

Shredding Companies Ireland will also have to make the leap to become compliant data processing firms, today there can be a number of high risk vendors in operation and education is the first step in protecting our data.

For any advice upon data protection and making your Organisation compliant please do not hesitate to contact one of our team through our website www.securityinshredding.com.

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Security in Shredding

Protecting your online privacy – Top tips (Part 2 of 2)

Posted on October 7, 2016 by Security in Shredding

Offsite document shredding, offsite document shredding, shredding Ireland, paper shredding Ireland, on site paper destruction Ireland, mobile paper shredding, off site paper shredding service Ireland.

Image source: betanews

As mentioned in our previous article, information in paper form can be destroyed through an onsite paper shredding service Ireland or an in-house onsite paper shredding facility.

Reputable paper shredding companies with the required certifications can also provide offsite document shredding services where your paper data is released to be destroyed under contract. The key points here are that the vendors providing the offsite paper shredding service have the required certifications and you have agreed under contract for the data to be processed which is the actual paper shredding process.

When talking about releasing personal paper files for offsite paper shredding the majority of people will always be concerned with whom they are giving the data to however when the data is in digital form and communicated through the internet the same level of caution does not always be applied.

Our first five tips to protect yourself online were;

In this article we will list our final five tips on protecting yourself online.

#1. Be aware of potential monitoring at work

In many Countries employees have little to no privacy protection from their employers. With this in mind, when discussing sensitive topics in email be sure of whom you are communicating to. Keep private data on your home network at home.

#2. Be aware of rewards & prizes offered by sites.

More than likely these kind of sites are gathering information for direct marketing purposes. In this scenario your name and address s sold for marketing purposes.

#3. Be conscious of your home computer security

If you home computer is set up on a DSL line that runs 24 hours be sure to turn off your computer when not using it. Many PCs will have poor security levels and system hackers will search for vulnerable computers and can invade them and get into your files and personal details.

#4. Use encryption

Good encryption will utilise security codes that are difficult crack and protect your data. There are easy to use mail and file encryption services available out there. Hopefully all devices will come with security encryption built into their servers, until then, be aware and be safe.

#5. Never reply to spammers

These Spam messages also known as unsolicited bulk email need to receive a response to tell their system that this email is being used. If you end up opening one of these messages check to see if there is anything in your outgoing box in case there is a return receipt attached to the mail. If you are getting spammed there are a great deal of filters and anti-spam services available out there.

Awareness if key, receive some education and proceed with caution are the best tips to have. Technology is every advancing and with it you also need to evolve, increase your knowledge and you will be in a safer position.

For more information on online security or confidential paper shredding service Ireland please contact one of our team on info@securityinshredding.com.

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Security in Shredding

Identity theft – stats, tips and how to protect your information

Posted on September 30, 2016 by Security in Shredding

on site document shredding, onsite document shredding, clear out shredding, purge clear out service, off site document shredding, offsite document shredding, off site document destruction, offsite document destruction, shredding Ireland, paper shredding Ireland, paper shredding Ireland, on site paper destruction Ireland, onsite paper destruction Ireland

Image source: acuantcorp

Paper shredding in Ireland is a growing industry sector and for good reason. Approximately 7% of all adults within the US have their identities misused with substantial financial losses equating to approximately €3,000.

Close to 100 million additional people have their personal identifying information put at risk of identity theft each year when records from Government & Corporate databases are misplaced or stolen. It makes total sense to see secure, professional, and regulated destruction services being introduced and increased in Ireland. Services such as on site document shredding, clear out shredding, purge clear out services and off-site document shredding services are there for all Corporates and Governments to implement to protect your and my identity.

The level of sophistication used by organised crime to facilitate identity theft is ever increasing. Examples of such sophistication to name but a few are; tailored vishing scams, hacks of corporate and government databases to elaborate bots designed to hack your computer without leaving a trace.

Image source: prince.org

The more historic/basic methods of identity theft are still out there with high numbers of people being a victim of. Simply pick pocketing wallets, going through your waste bins for sensitive paper, following waste trucks to sift through the waste material for paper and social engineering to trick innocent people into releasing personal information still work and work well.

Within this article, I will highlight some of the straightforward ways you can have your identity stolen with the hope that I can help some potentially targeted people in protecting their identity. There are also some tips to protect yourself when possible.

How you can be a victim

People going through a pharmacy waste bin, unfortunately not all pharmacies avail of offsite document shredding services and their bins can contain significant amounts of personal information.
People hacking into GP records, health records from a doctor’s office contain vital personal information. Many identity thieves will try to hack medical facilities electronic health records.
Never use your place of birth as your security question, it is easy to find out this information.
RFID scanner, many credit and debit cards are enabled for contactless payments. Yes, this is convenient but if a thief can get close enough to you he/she can make a convenient withdrawal at your expense.
Using camera phones, always be careful when you are in a situation where you need to show personal details and information, a camera phone could be watching you.
Accepting strange friend request on social media, if you do not know who they are, our advice does not accept.
Leaving bills in your mailbox for pickup, always deliver your bill personally
Putting cheques in the mail, if required always place additional paper within the envelope so the data cannot be seen under lights.
Never changing your passwords, you should always change your password at least once a year.
Failing to consider once off credit cards, it is a good idea if you are not a regular online shopper.
Leaving receipts behind, you should always take your receipts with you even if it only shows the last four digits of your account number.

For more tips to stay safe please contact one of our team at info@securityinshredding.com

Security in Shredding