Many public and private firms still do not have procedures in place to destroy vital information |
Sadly from the BSIA's experience - and as frequent news headlines testify - despite numerous warnings a worrying number of public and private organisations still do not have robust procedures in place to destroy the information they hold in line with their Data Protection Act obligations. The result of this 'data disposal gap' is that organisations are likely to find themselves liable to punitive action for breaches by the Information Commissioner's Office (ICO) which, following changes in 2010, can now issue penalty fines up to £500,000. They also face the very real prospect, without a verifiable audit trail, of the fraudulent use of their data and the associated loss of customer, investor and public confidence with all that entails.
Russell Harris, Chairman of the BSIA's Information Destruction (ID) Section, stresses the need for renewed vigilance when it comes to data and how it is disposed of: "Given the thirst for data shown by the criminal fraternity; the range of formats that information can now be held in - from paper to computer hard drives and associated media - and the sheer quantity of data being produced on a daily basis; the requirement for an effective information destruction process has never been greater."
"During the TWM event, which we are attending for the first time as an ID Section, we plan to offer facilities managers, who have a key role to play in this type of disposal, valuable guidance on how to select reputable and trusted information destruction providers to comply with the Data Protection Act. We will also be able to direct attendees towards more environmentally friendly, and sustainable methods of disposal to help demonstrate their organisation's 'green' credentials."