Physical Security

Reasons to comply with DPA

by Mark Rowe

Organisations from all sectors should ensure that they comply with the Data Protection Act (DPA), members of the British Security Industry Association’s (BSIA) Information Destruction section are warning. The warning comes after the watchdog, the ICO, fined Greater Manchester Police £150,000 for a breach of the DPA.

The Data Protection Act 1998 covers how personal information is used by organisations, businesses or the government and is enforced by the Information Commissioner’s Office (ICO). The ICO’s powers to enforce the Act include non-criminal enforcement and audit, monetary penalties up to £500,000 and criminal prosecution. The BSIA also points out that businesses run the risk of damaging their reputation by failing to comply with the Act.

To fully comply with the DPA, businesses should ensure that they follow the eight data protection principles. Under the Seventh Principle of the DPA, businesses are obliged to take appropriate measures against accidental loss, destruction or damage to personal data and against unauthorised or unlawful processing of the data.

Chairman of the BSIA’s Information Destruction section, Don Robins, says: “Businesses need to safeguard the individuals that they hold data on by ensuring that documents are shredded by a reputable data destruction company when they are no longer required. The same caution must also be taken with computer or laptop hard-drives and any other items which could be used to identify or impersonate individuals.”

To ensure that confidential data is disposed of securely, businesses should have a written contract with a company capable of handling confidential waste, which can provide a guarantee that all aspects of collection and destruction are carried out in a secure and compliant manner, the BSIA section suggests. To ensure this, suppliers should comply with European Standard BS EN15713:2009 for security shredding and also BS7858 for staff vetting.

Data controllers wishing to securely dispose of confidential material can consult a member of the BSIA’s Information Destruction section, which consists of companies that securely destroy a range of confidential information including paper, DVDs and computer hard-drives. All section members work to a European Standard for the secure destruction of confidential material (BS EN15713:2009) as part of their ISO9001 inspection.

For more, visit: www.bsia.co.uk/sections/information-destruction.


© 2024 Professional Security Magazine. All rights reserved.
