| 20 March 2017
BSIA Information Destruction section has warned businesses to be extra vigilant with personal data amidst rises in identity theft, Vigilance can report.
New figures published by Cifas has revealed that identity fraud is on the rise. The statistics have been collected from 277 banks and businesses and show almost 173,000 recorded frauds in 2016, the highest level to date.
In light of this, members of the British Security Industry Association’s Information Destruction section have warned businesses to be extra vigilant with how they dispose of information that may contain personal data.
Many businesses collect and retain personal information about their customers and employees. This information is often discarded when it is no longer required following scanning or when archive clearance occurs. Information that is not disposed of correctly, can have huge repercussions for the individual if the data falls into the wrong hands. Such repercussions include financial loss, credit issues, benefit losses, legal problems and stress.
Businesses are obliged under the Seventh Principle of the Data Protection Act to take appropriate measures against accidental loss, destruction or damage to personal data and against unauthorised or unlawful processing of the data. Failing to do so could result in large financial penalties being imposed by the Information Commissioner, huge reputational damage and even prison sentences for company directors.
To fully comply with the Data Protection Act, a data handler must have a written contract with a company capable of handling confidential waste, which can provide a guarantee that all aspects of collection and destruction are carried out in a secure and compliant manner. To ensure this, suppliers should comply with European Standard BS EN 15713:2009 for security shredding and also BS 7858 for staff vetting.
Chairman of the BSIA’s Information Destruction section, Don Robins, comments: “Businesses need to safeguard the individuals that they hold data on by ensuring that documents are shredded by a reputable data destruction company. The same caution must also be taken with computer or laptop hard-drives and any other items which could be used to identify or impersonate individuals.”