Ian Osborne, VP UK and Ireland, Shred-it, explains how small businesses can get rid of digital data safely and securely.
No one can deny that technology has completely revolutionised the business world. From the invention of the World Wide Web, right through to advancements in AI, the parameters of where, how and when we do business have been turned upside down, as the world of work adapts to meet the expectations of today.
But it’s not just the bigger picture when it comes to technology. On a smaller scale, handheld devices, portable hard drives and USB keys have had an enormous impact on the way we work.
But, with increasing levels of scrutiny around data security and the introduction of GDPR in 2018, what should businesses do with that technology when it becomes obsolete?
Research suggests that businesses and their employees are not placing enough importance on data protection when it comes to technology.
According to Shred-it’s annual security tracker, 40 per cent of SME owners have never disposed of hard drives, USBs and other hardware containing confidential information, while 14 per cent of large businesses never securely destroy electronically stored information or do it less than once a year.
Looking at the GDPR landscape today, recent guidance from the Information Commissioner’s Office (ICO) has confirmed that whether we leave the EU with or without a deal this month, most of the data protection rules affecting SMEs will remain the same. With the UK continuing to adhere to EU GDPR, information security must remain a top priority for small businesses.
The hard truth is that storing redundant electronic equipment in the office – or at home – presents a goldmine of sensitive information for data thieves, which can have serious implications for your business.
Whether its confidential information about your clients, customers or employees, the EU regulations impose strict requirements on the way businesses collect, store and manage personal data, which includes the effective destruction of obsolete storage facilities holding both digital and paper records.
The accidental loss or theft of hard drives containing confidential information can lead to heavy fines as well as significant damage to your business reputation. For the loss of a client’s data, businesses could face fines of up to £17 million, or 4 per cent of global turnover. While those levels of fines are only for the most serious of breaches, brand damage and loss of confidence from clients can have equally damaging results for business, both big and small.
So how can SMEs ensure the safe destruction of electronically stored information?
- Clear out storage facilities regularly and avoid stockpiling unused hard drives
- Physically destroy all unwanted hard drives to ensure any data they contain is unrecoverable
- Use a third party who provides a secure chain of custody and written confirmation of destruction
- Incorporate new and emerging forms of electronic media into your information security policy
- Most important of all, businesses must have a strict policy on data protection that is communicated clearly to all employees and updated whenever necessary, in order to avoid a potential breach