Did you know you can face large fines for being nosey? Organisations are being warned by the Information Commissioner’s Office to implement better processes to prevent their employees from accessing personal documents and files without valid or legal reason. Read on to find out more…
The ICO have published a blog warning organisations and individuals about the risks of prying eyes on personal data. Following numerous NHS employees pleading guilty to ‘snooping’ into patients’ files and medical records so far this year, the ICO has convicted eight employees for breaching section 55 of the Data Protection Act 1998. The prying eyes are caused by employees ignoring their training and the policies that have been put in place by the organisation to protect individuals under the Data Protection Act 1998.
The ICO imposed monetary fines on these individuals, but has stated that in future it would like to see custodial sentences for the most serious cases. The NHS security breaches serve as a warning to all organisations in both the public and private sectors, particularly with the introduction of GDPR looming in May 2018.
It is becoming vital for organisations to make their employees aware of the laws surrounding personal data protection. There are a number of steps that need to be taken in order to prepare for GDPR, and staff awareness is the first step. Another action organisations can take now is to eliminate the risk of employee curiosity and nosiness by storing data more securely. This may involve encrypting hard drives, USBs and files for digital media. However, organisations often neglect the risks posed to hard copies and sensitive documents that are dated and perhaps archived. The move towards a digital workspace has left some organisations vulnerable to such security breaches, as the necessary steps have not been taken to store data and personal information securely.
Dedicated off-site document archive storage gives organisations the ability to keep and maintain up-to-date, accurate records for the required period of time according to their retention schedule. An electronic document management system which includes indexing and cataloguing can help quicken the process of recalling files when responding to Subject Access Requests from individuals that will now have the ‘right to be forgotten’ following the updates to the Data Protection Act in 2018. Off-site document storage not only provides a managed service, but also a number of other benefits. Security is much higher in off-site dedicated document storage compared to self-store units due to the restricted public access. Your documents will only be stored with other documents, unlike in self-store units or warehouses where incompatible materials could be stored in units next to your highly important documents – in extreme cases, volatile materials such as explosives which heighten the risk of fire.
Another factor to consider when implementing processes to reduce prying eyes through off-site storage would be the costs involved. Dedicated off-site document storage providers like Topwood offer a totally flexible option where your costs are directly proportional to the space your archive box occupies. Compare this to the space that storing your files in your office occupies…
It has been reported that it takes office staff an average of 120 mins a week to manage and fetch files from self-storage. (At £15/hour that is £1560 a year!)
An average cost for self-storage space is circa £25 per sq ft. Based on this:
Self-store: a 4-drawer filing cabinet costs £75 per year.
Topwood: a 4-drawer filing cabinet (collection and delivery of files) costs less than £25 a year.
Topwood’s average response time for urgent delivery is under 2 hours. A scan-on-demand service is also available, with a response time of less than 60 minutes.
Topwood are able to supply an Electronic Document Management system in combination with a secure off-site storage service, scan-on-demand service and confidential document shredding service, which enables us to provide you with an easy solution to your data mapping in preparation for GDPR. All of Topwood’s services are regularly audited and we are certified to the highest standards, reinforcing the guarantee that you will be compliant with the new GDPR regulations.
But how do organisations protect their data that isn’t archived?
Data controllers will have increased liability to protect their data after 25 May 2018, so must take the necessary steps to comply with this. As a data management company (data processor), Topwood suggest using confidential waste bins (sometimes referred to as receptacles) to store sensitive information in until it needs to be destroyed. These waste bins should be lockable and have a letterbox slot that prevents retrieval of documents once deposited. By placing documents straight into these bins as soon as they are no longer needed, the risk of prying eyes is eliminated. These waste bins are offered free on loan as part of a regular shredding service at Topwood, whereby mobile on-site shredding is charged per visit, which can be surprisingly cost-effective. Waste bins such as consoles (as seen in the picture) are very popular in offices and reinforce clean desk policies, which is the first step to a paperless office, contributing to your environmentally friendly goals.
If your organisation would like a free review of your document management processes, please get in touch on 01948 770 152 or email us at [email protected] or chat online now.