We spend millions as a country on security, but there is often not enough consideration to our data disposal.
To break it down there are three areas that can be protected:
1. Physical threats: locks, doors and CCTV cameras to protect your hardware.
2. Cyber threats: internet security, antivirus and firewalls to protect your systems over
3. Disposal threats: secure certified data destruction of old products containing data.
The first two have all the attention and biggest bills, but the third is not often given adequate consideration, and that undermines all the efforts and costs to physical and cyber threat reduction.
Out of sight and out of mind
We all have digital bits and pieces around our home or office that should be recycled. It’s often these items with data that end up being treated through ‘regular’ disposal routes, effectively giving away our data, or alternatively they are stored in a dusty cupboard in a distant corner of the office in fear of it getting into the wrong hands – out of sight and out of mind.
Unsecure waste disposal can lead to data theft, impersonation and fraud that haunt modern life and the technology that we have become so heavily dependent upon.
The new EU General Data Protection Regulation
Things are soon set to change with a new EU Regulation affecting the whole of Europe – the EU General Data Protection Regulation (GDPR). Discussions started in 2014 and were delayed twice until 2016, and now it looks to be ready for EU parliamentary agreement later this year, after which businesses have to start changing the way they manage their own and their customers’ data disposal.
So what is the GDPR?
Quite simply the new legal framework requires data controllers to comply with requests for erasure of personal data and have proof of this erasure. It is leagues ahead of the old framework brought into UK legislation by the Information Commissioner’s Office (ICO) in 1998, and starts to reflect the globalised modern business environment that we all operate in at work and home.
It affects ‘personal data’ which is defined as any information relating to an individual. This includes data such as a name, photo, email address, bank details, social media posts, medical information or a computer’s IP address.
Secure data destruction
So far, there are only a few companies in the UK providing secure data disposal services. Those who do have the systems, processes and services to qualify and maintain ADISA certification which is recognised as one of the best available and aligns well to the new requirements.
ecosurety has been working with many of them already to enable the re-use, treatment and recycling of our own, and our members, WEEE. We profiled one of our partners, SHP Ltd, who we launched an asset disposal service with earlier this year.
ecosurety will be running a webinar on secure data destruction to bring you up to speed on the new standard when it is released later this year – watch this space! From publication of the regulations, businesses have the usual 24 months to implement the contractors internal processes and training to demonstrate they meet the new requirements, so it will be important to perform internal due diligence against the new standards.
In the meantime, if your business wants to get ahead and make sure your data destruction is completed to ADISA standard treatment, you can contact Greg Challis from our asset disposal team on firstname.lastname@example.org or call 0845 094 2228.
Innovation and policy director
Robbie is innovation and policy director at Ecosurety. Having spent years building an intimate understanding of the industry’s policies and politics, he uses this knowledge to help shape new legislation and oversees Ecosurety’s growing portfolio of cross-industry innovation projects including Podback and the Flexible Plastic Fund. He has worked closely with Defra during the most recent packaging consultations, outlining the impacts and required transitional arrangements of the UK’s new EPR system and is a member of the government’s Advisory Committee on Packaging (ACP). He is also a spokesperson for the company and regularly uses his influence to communicate the importance of environmental responsibility to external stakeholders.
Last week the EA released a formal communication about the potential removal of incorrect PRNs and PERNs.Read More >>
The interim Office for Environmental Protection (OEP) was launched today, ahead of its formal role as the ‘Board of the Office for Environment Protection’.Read More >>