The Data Protection Act and Secure Document Disposal

Small business owners have a responsibility to protect the sensitive information of their clientele. Even if small business owners outsource some of their work, the owners are still responsible for such sensitive information. The business owners may face repercussions if these details are accessed for the purposes of fraud, which is why it is important to consider secure safety procedures such as the confidential shredding of information.

For the information of such business owners, the Data Protection Act and Secure Document Disposal states that personal data must be:

  • processed fairly and lawfully,
  • for one or more legally sanctioned purpose,
  • specific to the purpose, adequate and not excessive,
  • accurate and timely,
  • kept no longer than the life of the purpose,
  • processed according to the rights of the individual; for the individual to be informed of the information being processed, to prevent such information from being marketed, and to be compensated if damaged by such marketing, and
  • not passed to countries outside the European Economic Area.
A description of the personal information of clients to be processed is as follows:
  • the client’s racial or ethnic origin,
  • the client’s political opinions,
  • the client’s religious beliefs or similar practices,
  • the client’s affiliation with a trade union,
  • the client’s mental or physical health,
  • the client’s sexual preferences,
  • the act or the accusation of an act of an unlawful nature by the client, and
  • an action in court of an act or accusation of an act of an unlawful nature by the client.
Secure disposal of personal information on a small business owner’s clientele is not limited to merely shredding paperwork. Computers with the latest updated firewalls and virus protection programmes are a must-have. Program the operating system to notify users of the latest security updates. Encrypt personal information held in computers so hackers can’t retrieve the information for fraudulent purposes. Keep daily backups for use if the computers are lost or stolen. Remove all personal information if business owners are changing from old computers to new ones. Destroy the hard drive or use technology for such removal. Last but certainly not least, install anti-spyware software, which is often available for free. This prevents hackers from gaining personal information.

Other security measures would include training staff not to relay personal information via email that is not encrypted, nor relay it to groups of individuals. Staff should be trained not to open spam. It sometimes contains viruses or spyware. Staff should know what to look for in persons seeking such personal information for fraudulent purposes.

Robert Dean has been involved in the shredding services for several years and believes in the importance of business security and managing paperwork. He currently works for TheShreddingAlliance.co.uk.