A dog walker found police files detailing names, addresses and bank details of convicted sex offenders and their victims dumped in a skip in June 2018. The files dated back to 2016 contained explicit details of the victims and their offences including their names, hobbies, and family members. The dog walker that found these files stated that leaving this information open for the public to see could have resulted in someone being killed.
This story highlights the reason why the General Data Protection Regulation was introduced. All individuals have the right to be forgotten or to have their personal information protected from any 3rd party sources. The Cleveland Police have breached this regulation by not securely destroying personal information or storing the files and therefore allowing prying eyes to view details such as addresses, names, assaults and sexual offences.
Cleveland police have reported the breach to the Information Commissioner’s Office (ICO) and an investigation is currently underway. The ICO are currently looking at the removal and disposal processes in place at Cleveland police premises.
What is the correct way to dispose of confidential documents securely?
The most secure process of disposing of confidential documents is a regular on-site shredding service using lockable shredding bins. Once the material is secured in a lockable shredding bin it is safe until a professional shredding operator destroys all the information as part of a scheduled regular shredding service. This process ensures the shortest chain of custody and ensures a significant reduction in the risk of a data breach. The process is simple…
The shred truck would arrive at your premises, the driver would empty your confidential shredding into a lockable wheelie bin, and the shred truck would pick up the wheelie bin and load the confidential paper directly into the mobile shredder. You would receive a certificate of destruction after each visit. Cross cut shredding is the safest option as it reduces the risk of a data breach.
Data controllers are the ones responsible for having the correct procedures in place and as can be seen by the news story above, Cleveland Police failed to have effective document destruction processes in place to negate a data breach. Organisations should look at the following steps to ensure compliance with GDPR and reduce the risk of a data breach:
- Ensure staff handling documents are security vetted to BS7858
- Enforce a “shred-all” policy
- Shred your documents regularly - as soon as they are no longer needed.
- Receive a Certificate of Destruction after every visit