We spend millions as a country on security, but there is often not enough consideration to our data disposal.
To break it down there are three areas that can be protected:
1. Physical threats: locks, doors and CCTV cameras to protect your hardware.
2. Cyber threats: internet security, antivirus and firewalls to protect your systems over
3. Disposal threats: secure certified data destruction of old products containing data.
The first two have all the attention and biggest bills, but the third is not often given adequate consideration, and that undermines all the efforts and costs to physical and cyber threat reduction.
Out of sight and out of mind
We all have digital bits and pieces around our home or office that should be recycled. It’s often these items with data that end up being treated through ‘regular’ disposal routes, effectively giving away our data, or alternatively they are stored in a dusty cupboard in a distant corner of the office in fear of it getting into the wrong hands – out of sight and out of mind.
Unsecure waste disposal can lead to data theft, impersonation and fraud that haunt modern life and the technology that we have become so heavily dependent upon.
The new EU General Data Protection Regulation
Things are soon set to change with a new EU Regulation affecting the whole of Europe – the EU General Data Protection Regulation (GDPR). Discussions started in 2014 and were delayed twice until 2016, and now it looks to be ready for EU parliamentary agreement later this year, after which businesses have to start changing the way they manage their own and their customers’ data disposal.
So what is the GDPR?
Quite simply the new legal framework requires data controllers to comply with requests for erasure of personal data and have proof of this erasure. It is leagues ahead of the old framework brought into UK legislation by the Information Commissioner’s Office (ICO) in 1998, and starts to reflect the globalised modern business environment that we all operate in at work and home.
It affects ‘personal data’ which is defined as any information relating to an individual. This includes data such as a name, photo, email address, bank details, social media posts, medical information or a computer’s IP address.
Secure data destruction
So far, there are only a few companies in the UK providing secure data disposal services. Those who do have the systems, processes and services to qualify and maintain ADISA certification which is recognised as one of the best available and aligns well to the new requirements.
ecosurety has been working with many of them already to enable the re-use, treatment and recycling of our own, and our members, WEEE. We profiled one of our partners, SHP Ltd, who we launched an asset disposal service with earlier this year.
ecosurety will be running a webinar on secure data destruction to bring you up to speed on the new standard when it is released later this year – watch this space! From publication of the regulations, businesses have the usual 24 months to implement the contractors internal processes and training to demonstrate they meet the new requirements, so it will be important to perform internal due diligence against the new standards.
In the meantime, if your business wants to get ahead and make sure your data destruction is completed to ADISA standard treatment, you can contact Greg Challis from our asset disposal team on firstname.lastname@example.org or call 0845 094 2228.
As policy manager, Robbie is responsible for liaising with government, regulators and industry organisations to represent our members’ views and interests. In previous roles, he helped to instigate market-based change and he brings that dynamism to his current role of influencing regulatory change. With years of experience working across a number of departments at Ecosurety, it’s fair to say he has an excellent understanding of producer compliance and recycling, which enables him to provide high-level policy expertise, industry insight and market analysis to our members.
There are approximately 1,500 companies who submitted their ESOS return at the end of November - a long way short of the 13-15,000 companies who are likely to be affected.Read More >>
The Environment Agency (EA) has reported that enforcement notices are still being served on obligated companies that have failed to comply with requirements of the Energy Savings Opportunity Scheme (ESOS).Read More >>
Blunt focus on compliance and not cost savings or energy reduction means many organisations are ignoring scheme until very last minute.Read More >>