Members of the British Security Industry Association’s (BSIA) Information Destruction section are warning organisations from all sectors to ensure that they comply with the Data Protection Act.
This comes following the news that the Greater Manchester Police force has been fined £150,000 for a breach of the Act.
The Data Protection Act 1998 is an Act of Parliament which controls how personal information is used by organisations, businesses or the government and is enforced by the Information Commissioner’s Office (ICO). The ICO has been granted a number of powers to enforce the Act including non-criminal enforcement and audit, monetary penalties up to £500,000 and even criminal prosecution. In addition, businesses run the risk of significantly damaging their reputation by failing to comply with the Act.
To fully comply with the Data Protection Act, businesses should ensure that they follow the eight data protection principles. Under the Seventh Principle of the Data Protection Act, businesses are obliged to take appropriate measures against accidental loss, destruction or damage to personal data and against unauthorised or unlawful processing of the data.
Chairman of the BSIA’s Information Destruction section, Don Robins, comments: “Businesses need to safeguard the individuals that they hold data on by ensuring that documents are shredded by a reputable data destruction company when they are no longer required. The same caution must also be taken with computer or laptop hard-drives and any other items which could be used to identify or impersonate individuals.”
To ensure that confidential data is disposed of securely, businesses should have a written contract with a company capable of handling confidential waste, which can provide a guarantee that all aspects of collection and destruction are carried out in a secure and compliant manner. To ensure this, suppliers should comply with European Standard BS EN15713:2009 for security shredding and also BS7858 for staff vetting.
Data controllers wishing to securely dispose of confidential material can consult a member of the BSIA’s Information Destruction section which consists of companies that securely destroy a range of confidential information including paper, DVDs and computer hard-drives. All section members work to a European Standard for the secure destruction of confidential material (BS EN15713:2009) as part of their ISO9001 inspection.
For more information or to source a supplier of information destruction services, please visit: www.bsia.co.uk/sections/information-destruction