This page contains a Flash digital edition of a book.
Security


Facilitating secure data destruction By Russell Harris, Chairman, BSIA Information Destruction (ID) Section


It is imperative, when facilities managers go out to tender for an information destruction service, that is ultimately going to be tasked with the handling and disposal of the most confidential and sensitive of their organisation's data - and the media it is held on - that they resist the obvious temptation to appoint the lowest priced provider, particularly, given the extent of the dangers that are out there, with the cost of identity fraud to the UK economy estimated by the Home Office to be in the region of £1.7 billion per year. The reality is that once information gets into the wrong hands - and there are plenty of criminals out there who will engage in activities such as data fraud - there can really be little control exercised over how it is ultimately used.


ID Section, and announced for the first time at the Total Workplace Management event, has taken a closer look at the experience of public and private sector organisations across the UK with regards to


Recent research, undertaken on behalf of the BSIA's


secure data disposal and discovered that nearly a fifth (19 per cent) have been the victim of a serious information breach. The survey also underlined that there can be no room for complacency with the vast majority of respondents - 79 per cent - believing that the threat posed by the loss of confidential information to their organisations had either increased or remained the same over the past 12 months.


A Question of Standards When it comes to the handling and safe disposal of confidential waste in a professional manner, and to meet their corporate and personal liabilities under the Data Protection Act, facilities managers really need to look to waste management companies that actually specialise in this area and adhere to a structured code of ethics, comply with the security requirements set out in the European Standard EN 15713 which covers key elements such as: site security, material specific shred sizes, the actual recording of the destruction process and the vetting of their staff who will be handling the sensitive material to BS 7858.


best practice, and helping to develop industry standards, for over a decade now and we were heavily involved, through a Code of Practice and a British Standard, in what ultimately became EN 15713.


For our part at the BSIA's ID Section we have been promoting


Addressing the Data Disposal Gap Unfortunately, the adoption of a 'sticking plaster' approach by some organisations to measures such as shredding, when dealing with their confidential material, whether it be paper- based information or stored on computer hard-drives, and who they ask to handle it has created what we would see as a worrying data disposal gap. Although cost can be a legitimate concern for facilities managers when outsourcing disposal, in these tougher economic times, price should only ever be judged as one of a number of factors, and not as the prime driver when a decision is being made to implement an information destruction service. We would argue instead that when searching questions are being put to prospective providers, a request for concrete evidence of EN15713 compliance should be at the very the top of the list rather than


8


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32