Why Getting Your Data Destruction Processes Right Is So Vital
There barely seems to be a day when there isn’t news about a data breach somewhere in the UK. In some cases it’s that a new breach has occurred, in others it’s about the fines being levied on companies that have failed to protect confidential information.
Either way, we’re more aware not only that these things are happening, but also of the implications than we ever have been before.
Since the introduction of the GDPR legislation earlier this year, it’s been more important than ever for companies to ensure their data storage and destruction procedures are in order.
However, new data from the Information Commissioner’s Office (ICO) indicates that many firms are still struggling in this area. Data Centre News revealed that in many of the breaches reported to the ICO, it was people, processes or inadequate policies that were to blame.
Speaking to the news provider, Tony Pepper, Egress Software CEO, explained that incidents caused by one of these factors are far more common than those caused by cyber attacks. He added that his organisation’s own research ahead of the introduction of the GDPR legislation showed a worrying gap in knowledge among many employees.
“It revealed that 20 per cent of employees were still using insecure channels to share company documents, including personal email, social media, cloud sharing and messaging apps,” he stated.
Mr Pepper stressed the importance of taking a “user-centric approach to data security”. That means “ensuring every employee is as security savvy as they need to be”, he added.
Part of this involves equipping staff with the knowledge they need to handle personal data. It’s worth remembering that this may not only mean data held in the digital realm. There can also be issues with the destruction of physical copies of information too.
That’s why it’s so important to have secure shredding in London, or wherever you’re based, to prevent any information you’re holding on paper from falling into the wrong hands.
Of course, this is only one part of the puzzle. And it appears that companies could have an additional angle to worry about if a recent ruling is anything to go by.
Supermarket chain Morrisons has recently lost its legal challenge against a ruling that allows its employees to claim compensation following a data breach that saw the payroll data of around 100,000 of its staff leaked online.
Andrew Skelton, a senior internal auditor at its headquarters, leaked the information and has been found guilty of fraud, as well as disclosing personal data. The High Court ruled that the supermarket was vicariously liable for his actions, and therefore would have to pay compensation.
Now, the Court of Appeal has upheld the High Court’s decision, which could have significant implications for companies in the UK. The supermarket has announced that it will appeal to the Supreme Court, but if it fails then it will have to pay compensation to thousands of its workers for the breach, which happened in 2014.
This case highlights the importance of having processes, systems and policies in place to protect not only confidential data, but also the business itself.