Are you disposing of confidential waste securely?

    1 Mar 2007

    Print friendly version

    The British Security Industry Association (BSIA) has published guidelines for compliance with the new British Standard 8470.

    BS 8470:2006, which came into force last year, gives recommendations for the management and control of the collection, transportation and destruction of confidential material to ensure that such material is disposed of securely and safely.

    According to the BSIA's Information Destruction Section Chairman, Anthony Pearlgood, the new guidelines highlight key areas in the information destruction process and the precautions necessary to protect the integrity of sensitive data.

    He comments, “By disposing of confidential information using an information destruction company which is inspected to BS 8470, businesses can rest assured that their confidential material will not fall into the wrong hands."

    The storage and disposal of information has become an increasingly sensitive issue since the Data Protection Act 1998 and the Human Rights Act 1998 both came into force in 2000. Any material containing personal data such as names, addresses or financial and legal details must be completely destroyed when disposed of.

    Under the Data Protection Act, businesses must have a data control policy to ensure that secure methods are used to prevent the unlawful disclosure or accidental loss of personal data. A data controller is legally responsible for any data until it has been destroyed. It is important that a certificate of destruction is obtained from the information destruction company as proof that the process has been completed.

    The dangers posed by identity theft, one of the UK’s fastest growing crimes, also makes disposing of confidential waste even more important. Businesses should ensure that they shred any confidential waste, or use a reputable company to dispose of it for them.

    ID fraud costs the UK £1.34bn every year. It has been discovered that organised criminals are now paying accomplices £5 a document, to rummage through the bins of business premises. The goal is to find personal financial details for use in identity fraud.

    A survey produced for National Identity Fraud Prevention Week last year found that 45% of companies researched discarded their headed paper; 24% threw away a director's signature; 44% disposed of whole invoices and 20% put their bank account details into the waste paper.

    There are a number of steps that businesses can take to avoid becoming the victim of ID fraud:

    • Always check the identity of your customers, both businesses and consumers. Credit reference agencies offer a wide range of solutions to authenticate and verify the identity of customers to ensure that they exist and are who they say they are.
    • Having a well-formulated document disposal policy in place, and adhering to it, is the first crucial step in protecting your business and employees from identity fraud.
    • Lock away sensitive documents in a safe place and limit access to these documents to the staff who really need them.
    • Make sure that only key members of staff have access to highly sensitive documents, to ensure that information is not falling into the wrong hands.
    • Shredding information is the best way to dispose of documents securely and to ensure that criminals cannot gain access to sensitive company details fraudulently. Confetti cut shredders provide greater security by cutting paper into small confetti-like particles and also reduce bulk waste.
    • Inform staff about the risks of corporate identity fraud to ensure that they remain vigilant. Ensure your document disposal policy is communicated to all employees. Caution them about the risk of giving out company information online or over the phone without first checking to whom they are giving the information.
    • Ensuring that firewall and anti virus software is kept up-to-date. This way staff can securely open legitimate email attachments for viewing.

    The BSIA’s guide to BS 8470:2006 is available to download from:

    Related topics:

    Add a comment

    Send me an email-alert when someone comments in this discussion:

    Please remember that your name and comment will be visible to all users of the Network, and that we may edit or remove comments without notice. Terms and conditions

    This document is for general guidance and research purposes only, and does not purport to give professional advice. Please check the date at the top of the article; the International Workplace retains historic articles for general research.