Data Destruction

The Data Protection Act makes clear that "personal or sensitive data" which consists of information relating to a living individual, cannot be disclosed without the prior authority for whom those services are being provided.

Businesses should audit their data and see what information they are holding like personnel records, wages, appraisals, and such like.

Many businesses have lost ground to competitors through corporate or product theft - do these areas affect you?

Companies also have a legal and moral responsibility to guard against disclosure of any kind, so don't just concentrate on one single department.

Furthermore, the new Data Protection Act (October) 1998, states that businesses must comply with Principle 7 of the Act (surround your data with proper security) and that data controllers (you) must choose a data processor (destruction company) which can provide you with sufficient guarantees of security measures.

You may have sufficient safeguards whilst the information is stored on your premises, but what happens when the data is no longer required - where does it go?

Data Controllers (you) are legally responsible for the data, right up to the moment it is destroyed, so proof of destruction will be required - can you certify destruction?

Getting a Certificate to say the documents were recycled will not be sufficient, they are not proof of destruction.

Under the new act, appropriate and technical organisational measures should be taken to prevent unlawful processing or disclosure of data.

There is now a requirement for Data Controllers (you) to ensure that where a data processor (data destruction company) processes the data on behalf of the data controller, there is a written contract between the parties, whereby the processor agrees to act on the instructions of the Controller.

For Document Storage and Archiving Click Here