Thanks to the Data Protection Act 1998, your company is responsible for the proper handling of confidential data, ensuring that it is both stored and (where necessary) destroyed correctly. Under the law (Section 55A), companies can be fined up to half a million pounds sterling for breach of this responsibility. So it’s important to know your obligations and ensure your company complies with them.
Fines, Fines and More Fines
Despite guidance from the Information Commissioner’s Office on the proper handling, management, storage and destruction of confidential material, there have historically been numerous media reports of companies (and local authorities) being found in breach of the Data Protection Act after allowing highly sensitive data to fall into the wrong hands. Whether it’s failing to encrypt employee laptops or not correctly destroying printed confidential waste, the results are the same.
The Data Protection Act says that:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
The reasons are obvious. If, as part of the everyday running of your business, you’re collecting information on customers that includes things like their name, address, telephone numbers, date of birth, credit card details, etc., then that information is at risk of falling into the wrong hands. If it does, your customers may suffer harm, which could include:
- Fake credit card transactions and other fraudulent activities
- Identity theft
- Financial fraud including false mortgage applications
- And much more.
So it’s clear why you have a duty to keep that data safe. Proper storage and security measures are necessary and there are plenty of steps you can take to ensure that the data doesn’t fall into the wrong hands.
Examples Relevant to You
You might be wondering how this could be relevant to your business. How about some real world examples?
- NHS fined £325,000 for allowing patient data to fall into the wrong hands. Computer hard drives containing sensitive patient data that should have been destroyed were instead sold on the internet. (This could have been avoided with a professional hard drive and media destruction service.)
- Wolverhampton City Council was found to be in breach after confidential waste was thrown in a skip on their premises. (Printed confidential waste should be properly destroyed by shredding with either a mobile or off-site shredding service.)
- Scottish Borders Council were found in breach and fined £250,000 after employees’ pension records were found in a paper recycling bank at a local supermarket. (Confidential waste should always be properly disposed of and separated from normal recyclable waste. Our shredding service helps reduce your carbon footprint by recycling paper waste after it has been properly shredded and destroyed.)
Meeting Your Data Protection Obligations
Shred Station’s shredding services provide several tools to help you meet your data protection obligations and avoid unnecessary fines.
- Lockable confidential waste bins – we can supply these bins for use on your premises to ensure the security of confidential waste and prevention of theft.
- Mobile shredding services – on-site shredding ensures you can see the whole process in action. There’s no chance of your confidential waste ending up in the wrong bin; you can see it destroyed before your eyes. We’ll also take the waste away and ensure it’s properly recycled.
- Destruction certificate – our trained and vetted staff will provide you with a certificate of destruction once the waste is disposed of, so you have peace of mind in knowing you’ve complied with the letter of the law.
- We can help with the destruction and disposal of old PCs and media – so even digital data is safe from the wrong hands.