, ,

Disposing personal data? Do so carefully


With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff.

At Hayes Connor, we’re sharing some of the tips included in this toolkit to raise awareness of the importance of this issue, and to help organisations across the UK improve their data protection processes.

Tip: All information you work with has value. Dispose of it carefully

The risk of not disposing data carefully

When personal and sensitive information is not disposed of correctly, it can fall into the wrong hands. As such, organisations of all kinds must make sure that they correctly destroy and get rid of any such data. Not least because where they don’t, they could face huge fines.

For example, in 2018 the Bayswater Medical Centre in London was found guilty of a serious data protection breach and fined £35,000 by the Information Commissioner’s Office (ICO) after it left highly sensitive medical records, registration forms and repeat prescription information unsecured in an empty building for a year and a half. The data was left on decks, in unlocked cabinets, on windowsills, and in bins. Find out more about this case.

Quick tips

  • Employers must understand the importance of data protection and make sure that strict policies and procedures are put place to ensure the safe disposal of information
  • Simply binning paper-based personal information is not good enough. Un-shredded documents left in the bin or thrown outside for collection could be stolen and used to commit identity theft or corporate fraud. Any organisation that doesn’t have and adhere to a corporate shredding policy could also be in breach of the GDPR
  • Likewise, confidential waste should always be properly disposed of and separated from regular recyclable waste
  • Electronic information held on hard drives and PCs must also be disposed of correctly. This can be done by a professional hard drive and media destruction service
  • In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.