If you fail to protect your confidential data, you could be fined up to £500,000 by the Information Commissioner’s Office.
Cardiff (PRWEB UK) 1 August 2013
When people delete a file from their computer it is not removed completely; in fact, deleted data is still easily accessible using widely available software.
However, managing IT disposal is more of a challenge than ever, since many organisations are adopting ‘bring your own device’ policies. With employees storing data on their own laptops, tablets and even smart phones, company information is naturally going to be harder to manage.
Because it is an organisation's responsibility to protect its data from “cradle to grave”, it is essential to create a confidential data policy for staff. This will ensure employees are aware of how to securely store and dispose of IT equipment when the need arises.
Ideally, a ‘data controller’ should also be assigned from within the company to fully manage the IT disposal process, both in house and when using an external provider. Their responsibilities would include creating an inventory of redundant hardware, carrying out risk assessments, and choosing a reputable company to outsource data destruction to.
Every business needs to process their data in accordance with the Data Protection Act, and this includes destroying all sensitive information contained on computers and other media devices when it is no longer needed. If businesses fail to protect their confidential data, they could be fined up to £500,000 by the Information Commissioner’s Office.
Outsourcing data destruction and recycling to an IT disposal company is a popular way to ensure that sensitive information is securely eliminated. However, if a service provider loses or compromises confidential data during the disposal process, the data controller could be held responsible. That’s why it is crucial to choose a compliant data processor that you can trust, like PHS Maxitech.
When outsourcing IT disposal, it is a company's responsibility to select a reputable service that provides sufficient guarantees. Steps to follow include:
- Verify the IT disposal company by seeking references
- Check their data destruction procedures are accredited
- Establish a written contract specifying that they meet the technical and organisational requirements of the DPA
- Ask for audit trails and a certificate of destruction
- Re-examine contracts and processes when adopting new technology in the future
PHS Maxitech guarantees that all IT disposals are processed in compliance with the Waste Electronic and Electrical Equipment (WEEE) Directive and Data Protection Act. By using a secure service provider like PHS Maxitech, businesses can be sure that they are always compliant with UK law.
Notes for editors
The PHS Group is a leading workplace services provider, and has traded in the UK since 1963. It has a diverse service portfolio aimed at improving work and leisure spaces, while making life much easier for facilities, building and people managers.
PHS really does ‘do more than you think’, providing products and services for:
- Crate rental and packaging
- Interior and exterior planting
- Laundry equipment and workwear
- Matting and flooring
- Records storage and management
- Shredding and recycling
- Testing and compliance
- Waste management
- Water machines
- Workplace consumables
PHS provides these direct to UK companies, and also operates as a tier one supplier to the facilities management market, supporting the integrated service propositions of most of the major FMs.
The PHS Group’s annual turnover for the year ending March 2012 was £422 million. It employs around 5,000 personnel, operates from a wide network of 153 regional service branches, and takes care of over 250,000 customers at over 450,000 locations in the UK, Ireland, Holland, Belgium and Spain.