Small business owners have a responsibility to protect the sensitive information of their clientele. Even if small business owners outsource some of their work, the owners are still responsible for such sensitive information. The business owners may face repercussions if these details are accessed for the purposes of fraud, which is why it is important to consider secure safety procedures such as the confidential shredding of information.
For the information of such business owners, the Data Protection Act and Secure Document Disposal states that personal data must be:
- processed fairly and lawfully,
- for one or more legally sanctioned purpose,
- specific to the purpose, adequate and not excessive,
- accurate and timely,
- kept no longer than the life of the purpose,
- processed according to the rights of the individual; for the individual to be informed of the information being processed, to prevent such information from being marketed, and to be compensated if damaged by such marketing, and
- not passed to countries outside the European Economic Area.
- the client’s racial or ethnic origin,
- the client’s political opinions,
- the client’s religious beliefs or similar practices,
- the client’s affiliation with a trade union,
- the client’s mental or physical health,
- the client’s sexual preferences,
- the act or the accusation of an act of an unlawful nature by the client, and
- an action in court of an act or accusation of an act of an unlawful nature by the client.
Other security measures would include training staff not to relay personal information via email that is not encrypted, nor relay it to groups of individuals. Staff should be trained not to open spam. It sometimes contains viruses or spyware. Staff should know what to look for in persons seeking such personal information for fraudulent purposes.
Robert Dean has been involved in the shredding services for several years and believes in the importance of business security and managing paperwork. He currently works for TheShreddingAlliance.co.uk.