On the front line for effective information destruction


When it comes to the handling and disposal of confidential waste, to fulfill an organisation’s obligations under the Data Protection Act, it is imperative that facilities managers take the utmost care when selecting an information destruction provider to work in such a security-critical area, writes Russell Harris, Chairman, BSIA Information Destruction (ID) Section.


Given the extremely sensitive nature of the information contained on the waste being processed – from paper to computer hard-drives – any company bidding for this work should, as a prerequisite, be able to provide conclusive proof to facilities managers that they adhere to a strict code of ethics. They should also, crucially, satisfy the provisions laid out in the pivotal European Standard EN 15713. In the event that no such assurances are forthcoming then facilities managers are advised not to proceed and instead seek out a more reputable provider.


Compliance with the EN 15713 standard has to be at the heart of a robust solution with a verifiable audit trail. This should be non-negotiable. Key requirements range from site security to material-specific shred sizes and, crucially, the vetting to BS 7858 of staff who will be involved in the disposal. The checking of staff is a vital element to ensure that they do not have any criminal convictions which could, potentially, put the security of data in jeopardy.


Detailing the Dangers


The point to stress here is that, in the context of information destruction, there really can be no place for shortcuts, or a sticking plaster approach, as opportunist criminals will be all too willing to take advantage of any lapses. The ramifications, when things go wrong with data disposal, can be extremely serious. Organisations may find themselves, and those they deal with, exposed to data breaches and identity fraud which, experience suggests, can have major long-term consequences at a financial and reputational level. A recent BSIA Information Destruction Section survey underlines the dangers with 19 per cent of the organisations that replied having been a victim of a serious data fraud incident. Where breaches occurred, half were attributed to paper and the rest were related to computer hard-drives and associated media.


Sadly, over the years, organisations that failed to adopt a best practice approach to the outsourcing of information destruction have suffered at the hands of unscrupulous providers, in many cases finding out, at a later date, when sensitive data is exposed, that the hard-drives they thought were wiped, or documents shredded, had not been processed professionally but simply sold-on, dumped with normal municipal waste, or disposed of through fly-tipping.


Building & Facilities Management – November 2011


Secure Disposal


So what security precautions should be taken when dealing with sensitive information disposal? There are a number of methods that can be readily employed for safe and secure information destruction and include on and off-site destruction as well as incineration. When carried out at a customer’s premises a professional information destruction company, whose staff should be vetted to BS 7858, will carefully shred information and data on-site using a specialised vehicle. The processed materials will then be compacted into the rear storage compartment of the vehicle and taken away for recycling. Before leaving site the professional provider will ensure that all materials are shredded beyond recognition – in line with EN 15713 – and provide a full audit trail including the all-important certification of destruction. Another option for disposal is for the material to be picked-up from an organisation and taken away in a secure truck to be dealt with off-site. In this case the destruction must be carried out under contract and evidenced in writing and, crucially, the premises of the provider must meet the security requirements stipulated in EN 15713. A further, less common, method of destruction is incineration with the potential for the energy generated to be fed back into the National Grid to create power.


Addressing the Data Disposal Gap


Looking ahead, in light of the exponential growth in the type, and format, of confidential information, the need for best practice destruction has never been greater to avoid data falling into the wrong hands and to ensure compliance with the Data Protection Act. Sadly there is still a major shortfall in best practice that needs to be bridged, a data disposal gap that was starkly illustrated, recently, when our ID Section research found that only 50 per cent of organisations used a so-called professional provider and, even more worryingly, of those only half knew if their provider was working in line with EN 15713. At the BSIA ID Section we believe that EN 15713 compliance is pivotal to the delivery of a professional solution.


A video highlighting the BSIA ID Section’s research findings can be viewed on the BSIA’s YouTube Channel at: http://youtu.be/7ieh03Vhp30


For more information about secure data destruction and best practice please visit: www.bsia.co.uk/shredding

