[Skip to content]

FM World logo
Text Size: A A A
View the latest issue of FM
» Digital edition   » Subscribe
ADVERTISEMENT
Search our Site

E-newsletter

FM World daily e-newsletter logo

A daily email bulletin of the latest FM news

» Subscribe here

FM World daily memcom winner

Resources

  • del.icio.us Delicious
  • digg
  • Facebook
  • stumbleupon
About sharing
ADVERTISEMENT
ADVERTISEMENT
.

Don’t share it, shred it

Commercial identity fraud is on the increase, fed in part by confusion over the types of business waste that pose a risk in the wrong hands and how to dispose of it properly

Email to a colleague Print this page

 

by Anthony Pearlgood

 

09 March 2007

 

Identity fraud is one of our fastest growing crimes, estimated by the Cabinet Office to cost the UK over £1.7 billion a year. A chunk of this will be commercial fraud, the result, at least in part, of businesses failing to recognise and handle confidential waste securely.


As some categories of business-sensitive material are less obvious than others, a degree of confusion is understandable. But given the legal imperative for organisations to handle personal data securely under the Data Protection Act, it’s worth taking care over proper identification and disposal of confidential waste.

 

1  The act


The Data Protection Act 1998 (DPA) requires that personal data, including personnel and customer data stored in any form – paper, computer hard drives and CDs for example – is stored securely by organisations and not passed on without the individual’s consent.
 Organisations using waste disposal companies must make sure that they, too, handle personal data securely and take steps against accidental loss or unauthorised processing.

 

2  Bulky items


Disposal of bulky items, like uniforms and IT hardware, should be contracted to approved security shredding companies with industrial shredding equipment. In-house shredders are built for paper and are therefore unsuitable for processing heavier materials.

 

3  Pass it on


Many companies and charitable organisations now offer to remove old IT equipment free of charge and refurbish it. This form of recycling is commendable, but remember that even after wiping, records may still be recovered from the hard drive. Remove the hard drive and shred it first, so that the remaining parts of the computer can be refurbished and re-used without risk to the organisation.

 
4  In or out


For paper disposal, choose between in-house shredding equipment and using a specialist shredding service. Many companies choose a combination of the two, with personal shredding machines by director’s offices and lockable serviced bins elsewhere. Most shredding companies are happy to collect internally shredded paper for further processing and recycling.

 

5  Home or away


On-site shredding offers the security of immediate, witnessed destruction, but is more expensive and requires a suitable area on site to park the shredding vehicle, which will also need to remain on site for longer while shredding takes place.
Off-site shredding is sometimes perceived as more risky, because it requires transportation and handling off-site and ‘beyond the control’ of the waste producer. Reputable firms however, which are DPA compliant and members of the British Security Industry Association (BSIA) with its strict membership criteria, are absolutely within the control of the waste producer, posing negligible risk. Off-site shredding is more cost-effective and suited to more frequent collections, involving minimum site disruption and frequently offering witnessed destruction to those requiring extra reassurance.

 

6  The specialists


There are three main credentials to question when choosing a secure shredding contractor - security, service and environmental responsibility.
Security checks might cover membership of the BSIA, accreditation to security shredding standard BS8470, ISO9001:2000 quality accreditation, security checking of staff to BS7858 (which covers the past 10 years), invitations to audit site, witness destruction and view access control, provision of destruction certificates and overall compliance with the DPA.

 
Service elements to look for might include availability of on and off-site shredding; provision of scheduled and one-off clearance services; ability to shred paper, magnetic media, uniforms and IT equipment; flexible collection times; a range of collection vehicles to cope if access to site is restricted and provision of suitable containers and regular activity reports.


Environmental considerations include whether they recycle paper after shredding, offer additional services for recycling glass, cans and plastic cups, provide recycling certificates, are accredited to environmental management standard ISO14001, hold a valid Environment Agency licence or exemption and are local.


If organisations question these areas when choosing a confidential waste supplier they will raise standards, help the environment and reap practical and financial rewards in the process.

 

Anthony Pearlgood is commercial director of PHS Datashred and chair of the BSIA information destruction division

 

Confidentiality test: what to ask yourself


To decide which of your waste materials are confidential, ask the questions – are they governed by the Data Protection Act and could these materials be used by someone for the purposes of fraud or competitive advantage?

 
Seemingly innocent items can also be used fraudulently. A letterhead or directors’ signatures can be used to impersonate companies, contact customers illicitly, or falsify credit applications. Marketing plans, minutes of meetings and new product development records are all of great interest to competitors; and old company uniforms and ID cards can be used to gain unauthorised access.

More on the DPA can be found at
www.informationcommissioner.gov.uk with practical advice at www.businesslink.gov.uk

Visit www.bsia.co.uk to check the required credentials of BSIA member firms.