The British Security Industry Association (BSIA) has published guidelines for compliance with the new British Standard 8470.
BS 8470:2006, which came into force last year, gives recommendations for the management and control of the collection, transportation and destruction of confidential material to ensure that such material is disposed of securely and safely.
According to the BSIA's Information Destruction Section Chairman, Anthony Pearlgood, the new guidelines highlight key areas in the information destruction process and the precautions necessary to protect the integrity of sensitive data.
He comments, “By disposing of confidential information using an information destruction company which is inspected to BS 8470, businesses can rest assured that their confidential material will not fall into the wrong hands."
The storage and disposal of information has become an increasingly sensitive issue since the Data Protection Act 1998 and the Human Rights Act 1998 both came into force in 2000. Any material containing personal data such as names, addresses or financial and legal details must be completely destroyed when disposed of.
Under the Data Protection Act, businesses must have a data control policy to ensure that secure methods are used to prevent the unlawful disclosure or accidental loss of personal data. A data controller is legally responsible for any data until it has been destroyed. It is important that a certificate of destruction is obtained from the information destruction company as proof that the process has been completed.
The dangers posed by identity theft, one of the UK’s fastest growing crimes, also makes disposing of confidential waste even more important. Businesses should ensure that they shred any confidential waste, or use a reputable company to dispose of it for them.
ID fraud costs the UK £1.34bn every year. It has been discovered that organised criminals are now paying accomplices £5 a document, to rummage through the bins of business premises. The goal is to find personal financial details for use in identity fraud.
A survey produced for National Identity Fraud Prevention Week last year found that 45% of companies researched discarded their headed paper; 24% threw away a director's signature; 44% disposed of whole invoices and 20% put their bank account details into the waste paper.
There are a number of steps that businesses can take to avoid becoming the victim of ID fraud:
The BSIA’s guide to BS 8470:2006 is available to download from: www.bsia.co.uk/publications.