As data protection law evolves, it’s never been more important to have rigorous processes in place for disposing of data you’re no longer using – both physical and digital.
As you may have read elsewhere on our blog, everyone is talking about the revamp of data protection laws to bring them up to date and in line with the way we share our data online.
Under the forthcoming Data Protection Bill, consumers will be able to view the data that organisations hold on them, and ask for it to be deleted if they want. Also, when young adults turn 18, they’ll be able to ask social-media platforms to delete everything they posted when they were children.
Changes like these put the spotlight on erasing digital records. But data can be held in many forms, and it’s important to keep them all in mind when planning your approach to collecting and processing personal data.
A digital record of personal data can be deleted relatively easily. But if anyone prints it out at any point, it becomes a paper record. That piece of paper can go anywhere with anyone, which raises questions of data security. And for as long as it exists, it’s a record of personal data, just like a digital file – whether it gets carefully filed away, put into storage or just left in a desk and forgotten about. Even a note scribbled down on a Post-It could contain personal data.
That’s why it’s so important to have robust systems and processes to control the way you collect, process and store personal data – and, crucially, for the way you destroy it when it’s no longer required.
The only truly risk-free way to dispose of paper records is through physical shredding. If you have any volume of records, the simplest and most rigorous approach is to work with a professional shredding company. They’ll be able to collect the paper from you and shred it either at your premises or their own, then provide you with a Certificate of Destruction to confirm that all the data is definitely gone.
Even though digital data may have been deleted, skilled data thieves can still recover it if they get their hands on physical media such as hard drives and USB sticks. CD-ROMs, once written, hold their data for many years. The only reliable way to ensure the records on digital media is deleted is through physical destruction of what stores the data.