Does your data destruction fulfill your CSR?
A Corporate Social Responsibility (CSR) Policy defines an organisation’s commitment to the community and environment within its sphere of influence.
Every organisation has a duty of care in the way it handles and disposes of confidential personal data. In recognition of this, the need to follow secure data destruction procedures is increasingly written into CSR policies.
An organisation's failure to handle data properly can have a massive, even devastating, impact on the community it serves (shareholders, customers, employees, even the public).
As firms increasingly outsource the destruction of personal data to third-party data destruction specialists, compliance managers need to be 100% sure who they are entrusting their data to.
Here is our 5-step checklist that will ensure your firm's use of a third-party contractor fulfills its duty of care to securely dispose of personal data:
- Ensure your contractor has the professional accreditation and competence to process (destroy) data on your behalf. Engage a supplier that has ISO 27001 and check they comply with shredding standard EN15713. It is important to check that their staff are security vetted to BS7858. Finally, it is a requirement to have a written contract with your supplier recording the measures that they have in place to protect personal data.
- The safest option for the destruction of data is to have it done on-site while you watch. Can your supplier shred on-site? If not, have you ever audited them? Is the material cross-cut shredded, and do you ask for samples?
- Check that the shredded material is recycled to ensure your firm complies with the requirements of the waste hierarchy regulations. Furthermore, question whether your supplier has any schemes that impact positively on the environment.
- Do you receive a Certificate of Destruction, as required by UK data legislation?
- Does your supplier have a CSR policy of its own that you can share in?
For more information on Topwood's CSR click here.