Document shredding and the 1998 Data Protection Act
Under the Data Protection Act, an organisation should not discard intact customer, staff or supplier information. Instead any documents must be securely destroyed using a shredder.
Breaches of this act may result in criminal proceedings against the data controller and the award of financial compensation to the data subject in respect of personal data.
So there is an even greater reason to ensure the ethical destruction of all important documents than simply preventing industrial espionage or identity theft.
It is vital that businesses do not fall foul of the Data Protection Act. One of the many reasons that this piece of legislation was implemented was to protect staff and as a result responsible individuals are legally liable to be fined or even imprisoned in extreme cases if these principles are ignored.
The simple solution: ensure all important documents are shredded and not binned.
Over the years bin raiding has become the main source of information for industrial espionage and identity theft. A company can expose its financial information, creative ideas and business strategies to its competitors as well as release the identities of its staff and suppliers to fraudsters.
In the latter case, many victims of identity fraud do not discover their identity has been stolen until over a year later. It takes the average victim over 300 hours of stress and worry to put their records straight after their identity has been stolen. Hence why staff may be awarded financial compensation in respect of stolen personal data.
The ISO 9001 standard and BS EN 15713 Code of Practice for the Secure Destruction of Confidential Materials outline the requirements for documents that must be destroyed to keep in line with the law. The code of best practice also suggests that printed material should be disposed of securely by shredding.
So for business protection, staff protection and legal compliance, ensure the ethical destruction of all sensitive information by shredding.