We spend millions as a country on security, but there is often not enough consideration to our data disposal.
To break it down there are three areas that can be protected:
1. Physical threats: locks, doors and CCTV cameras to protect your hardware.
2. Cyber threats: internet security, antivirus and firewalls to protect your systems over
3. Disposal threats: secure certified data destruction of old products containing data.
The first two have all the attention and biggest bills, but the third is not often given adequate consideration, and that undermines all the efforts and costs to physical and cyber threat reduction.
We all have digital bits and pieces around our home or office that should be recycled. It’s often these items with data that end up being treated through ‘regular’ disposal routes, effectively giving away our data, or alternatively they are stored in a dusty cupboard in a distant corner of the office in fear of it getting into the wrong hands – out of sight and out of mind.
Unsecure waste disposal can lead to data theft, impersonation and fraud that haunt modern life and the technology that we have become so heavily dependent upon.
Things are soon set to change with a new EU Regulation affecting the whole of Europe – the EU General Data Protection Regulation (GDPR). Discussions started in 2014 and were delayed twice until 2016, and now it looks to be ready for EU parliamentary agreement later this year, after which businesses have to start changing the way they manage their own and their customers’ data disposal.
Quite simply the new legal framework requires data controllers to comply with requests for erasure of personal data and have proof of this erasure. It is leagues ahead of the old framework brought into UK legislation by the Information Commissioner’s Office (ICO) in 1998, and starts to reflect the globalised modern business environment that we all operate in at work and home.
It affects ‘personal data’ which is defined as any information relating to an individual. This includes data such as a name, photo, email address, bank details, social media posts, medical information or a computer’s IP address.
So far, there are only a few companies in the UK providing secure data disposal services. Those who do have the systems, processes and services to qualify and maintain ADISA certification which is recognised as one of the best available and aligns well to the new requirements.
ecosurety has been working with many of them already to enable the re-use, treatment and recycling of our own, and our members, WEEE. We profiled one of our partners, SHP Ltd, who we launched an asset disposal service with earlier this year.
ecosurety will be running a webinar on secure data destruction to bring you up to speed on the new standard when it is released later this year – watch this space! From publication of the regulations, businesses have the usual 24 months to implement the contractors internal processes and training to demonstrate they meet the new requirements, so it will be important to perform internal due diligence against the new standards.
In the meantime, if your business wants to get ahead and make sure your data destruction is completed to ADISA standard treatment, you can contact Greg Challis from our asset disposal team on email@example.com or call 0845 094 2228.
As commercial manager Robbie is responsible for ensuring that all Ecosurety members benefit from the best possible value for money and specialist expertise. Having previously worked as our relationship team manager it is fair to say that he fully understands our members interests and needs!
The move enables Ecosurety to contribute further to key debates on the waste and recycling industry at Government levelRead More >>
The EU has tabled a framework on conflict minerals, bringing it another step closer to becoming mandatory in Europe.Read More >>
Collaboration aims to increase quality UK recyclingRead More >>