The end of 2016 brings a New Year and with it a fresh start. We often hear the saying “New Year, New You” but how many times do we make New Year’s resolutions but then fall back into old habits before January is even over?
The same is often true when it comes to reviewing work procedures and policies. When it comes to Data Security, there are a few resolutions that should not be broken unless you want to run the risk of a data breach within your organisation. With data breaches on the rise, DiskShred is suggesting the most important data security resolutions for a secure 2017.
Resolution #5: Do your research
With so many companies offering ‘similar’ services, it can be difficult to determine which data destruction organisation to go with. With approximately 600 organisations in the UK alone that claim to provide variations of on-site and off-site data disposal, it can be something of a challenge to find the right partner and avoid the wrong one. Remember, you (the data controller) are responsible for your data under the Data Protection Act 1998, not your data destruction partner. You therefore need to research who you are using and ensure they are fully accredited, so you can have the confidence and peace of mind that your data is safe and in good hands.
Resolution #4: Understand your data
The ‘state’ of your data can change constantly throughout its life cycle. It is important that you understand how to treat it at every stage of the cycle, i.e. manage it from creation and initial data storage to the time when it becomes obsolete. Characteristics such as the sensitivity of your data can change throughout the cycle, and so can the level of data protection that it requires. Once the data reaches the end of its life cycle, you must have a secure destruction policy in place.
Resolution #3: Go beyond compliance
Many data destruction companies can claim they offer a compliant and secure service, but are they actually accredited, and is there an ongoing assessment of their service and procedures? It is your responsibility to do a background check on your disposal partner of choice. ADISA (the Asset Disposal & Information Security Alliance) are a good place to start when selecting an accredited organisation. Their alliance conducts both regular annual audits and unannounced on-the-spot audits to ensure the companies in their alliance are offering a secure service. With the EU General Data Protection Regulation (EU GDPR) imminently coming into force, you need to ensure that your company has a full audit trail of your retired data. Ensure your partner follows tight chain-of-custody procedures and provides tamper-proof reports, including a certificate of destruction.
Resolution #2: Educate your people
By educating your staff on the importance of looking after data and the risks involved if it is handled incorrectly, you foster a culture that understands your organisation’s data protection obligations. Appointing a data protection officer or champion can highlight that this is an area within the business that is taken very seriously, and it places ownership on individuals to manage confidential information in a secure manner.
Resolution #1: Develop a Data Destruction Policy
More often than not, the risk of a data breach is increased because the people in an organisation don’t know the proper way to dispose of their redundant IT assets and data. Many organisations have an ‘IT graveyard’, a back room where old and outdated computers, laptops, servers, hard drives etc. are stored, leaving a wealth of information at risk. If this information falls into the wrong hands, you could be at risk of a data breach. Putting an IT Disposal and Data Destruction policy in place will ensure your people have proper procedures to follow, reducing risk and creating a sense of ownership.
DiskShred offer secure, onsite hard drive and media shredding. We pride ourselves on providing:
- The best hardware (this means we spend less time on-site than our competitors)
- The most affordable product
- The most accredited shredding organisation across Europe
- What our clients tell us is the best service
If you have a data destruction requirement, anywhere in Europe, contact us on 0800 080 5083 or email firstname.lastname@example.org