Category Archives: Data Protection

Paper Shredding Dublin (Data Processing Service)

Posted on by
Reply

Data Destruction (Dublin Area)

Shredding documents In Dublin as part of industrial paper shredding method for your business is now must be implemented under the data protection act.

All businesses are and if not they should be aware of their responsibility to segregate and dispose of their general waste and recycling. These rules have been established under the Irish Waste Management Act 2001 which can be viewed at; https://www.environ.ie/en/Environment/Waste/WasteMgmtActs/.

Within this Act it is essential for all Organisations to use a waste processing firm that is reputable and has the required certifications from their relevant County Council and in turn the client has full traceability of their waste materials.

When dealing with sensitive paper data that has reached its end of life hiring any Dublin paper shredding service may not be sufficient and may not achieve full compliance. Cost should never be the determining factor when hiring a Dublin document shredding service, the cheapest may not achieve compliance and it is compliance that is required by Organisations to achieve in order to protect their data and their public image.

As detailed above waste recyclers are also known as material processors, similarly companies that offer data destruction services are not only waste processors but they are Data Processors. It is this title of “Data Processor” that drastically differentiates a recycling firm from a Data Processing Firm. It is The Data Protection Acts that recognise Data Processors and Data Controllers and if a data breach occurred and it was found that for example the Dublin paper shredding firm was not a data processing firm they may argue that the Data Protection Acts do not apply to them as they were simply processing material not data. It is important for all Organisation to be aware of this point as they may be receiving a Dublin materials shredding service at a more attractive cost however, they are not receiving a fully compliance and data protecting service. The following applies to many industries and services; “The cheapest is not always the best”.

 

Questions to ensure that your Dublin Paper shredding vendor is a Data Processor;

  • Is your Organisation a member of an Industry Representation Body in Ireland?

Required Ans;  Yes

 

  • Does your Dublin Document Shredding Company process various recyclable material on the same site as the paper shredding?

Required Ans;  No

 

  • Does your Dublin Paper Shredding Company ship various material to the recycling market other than data carrying materials (e.g. Cardboard, plastics)?

Required Ans;  No

 

  • Is your Company Certified from an Independent Body in Ireland for European Security Standard EN 15713 and not “Self-Certified”?

Required Ans;  Yes, we are certified by an independent body in Ireland.

 

  • Is your Dublin Paper Shredding Company listed on The Data Protection Commissioner’s Public Register of Data Processors? Can you give me your reference No.?

Required Ans;  Yes, we are and you can see us on the list if you visit www.dataprotection.ie  

 

  • Do you use Data Processing Agreements?

Required Ans;  Yes

Methods Aimed To Prevent A Data Breach Within An Organisation

Posted on by
Reply

secure data, data security, document destruction

Along with a onsite paper destruction service, businesses on-line and electronic data can be vulnerable to a data breach if not adequately protected.

A data breach can occur from a small genuine mistake to a significant planned breach. In this article we will discuss methods any Organisation can take to help prevent a data breach occurring and in turn minimise the risks of experiencing negative public image and damaging press.

  • Training: All employees that handle sensitive documents and/or have control over/access to sensitive digital data should be trained appropriately. All employees should be made aware of the applicable Data Protection Act principles both at an Irish level and a European Level.  External obligation through legislation is important for all employees to be informed of however internal policies must be drawn up and communicated to all staff members.
  • Risk Assessment: All Organisations should conduct a risk assessment of their IT systems which in turn will help them to identify security threats and improve upon potential weaknesses.
  • Penetration Protection: Up to date anti malware software should be used to detect potential damaging malware on employee work devices. Periodic reviews should be complete to ensure that firewalls will defend against malware.
  • Encryption: All data inclusive of static data on external storage devices and data in motion which is data being sent between two separate devices should be encrypted. Encryption If information or devices are stolen; thieves will not be able to access the sensitive information.
  • Monitoring: We advise that employees should physically protect both electronic devices and paper records in their possession that contains sensitive data. While a Clean Desk Policy can help, it is sometimes difficult for an Organisation to ensure that employees keep their desk clean.
  • Control Access: Different members of an Organisation will need to access sensitive information at different times. Employees at each level should only have access to information that is relevant and required to their job. A secure ID system should be implemented within your Organisation that will only allow specific employees access to specific information whether it be on a device or on a paper record.

Physical Safeguards: Limit physical access to facilities where Company IT is housed. All hard drives and e-media should be securely destroyed in line with EN 15713 through a Data Processing firm when they are being replaced and/or updated. All organisation should partner with a document destruction expert that provides secure onsite paper shredding Dublin and secure offsite paper shredding Dublin. These data processing firms should have the capability to securely destroy both physical data held in paper format and digital data held on old hard-drives and data cartridges.

For more information please Email us : info@securityinshredding.com

Twitter Data Security & Data Protection

Posted on by
Reply

Secure Harddrive Destruction, Twitter calling for increased Data Protection

Protecting your data both digitally and physically can be done by incorporating a confidential shredding services are available in Cork & Limerick to help benefit your businesses data protection.

Data Security & Social Media

Twitter, Google, Facebook and other heads of cyber security such as Dropbox and a senior researcher in networking and security at UC Berkeley are discussing future methods of cyber security for their business at a sponsored event.

Twitter’s security chief has said “Users should not have to petition companies to implement security or fix egregious vulnerabilities.” The discussion continues and mentions how companies should be required to encrypt data and maintain applications and any security holes within reason.

With current technology and more and more people using mobile devices. Your device has sensors and could pick up or spread malicious software and infect unprotected software. An emphasis towards on-line security is needed and putting the research in to marketable ideas.

Protecting your business and personal information

Your on-line activity and the information you share can be viewed by the public if certain measures are not in place to protect sensitive information. The Data protection act 1998 and 2003 is an integral importance to all organisations today. There are 8 main rules for organisations. For more information visit www.securtiyinshredding.com and download out information leaflet.

Any business that stores a person’s details on electronically and especially sensitive data like card details, this data needs proper security/ encryption. Ensuring this data is protected correctly, maintain and update your site regularly. Sensitive data is correctly protected. There are a number of methods for obtaining data from a database. Some hacking methods cannot be avoided and data can be retrieved but as long as the sensitive data is encrypted then the data is useless to the hacker. Once data is encrypted the data can only be viewed by an admin.

There are a number of steps you can take to ensure that the data you possess is being stored and protected correctly. Data destruction is now as important as Data protection. Having a licensed shredding service securely destroy documents and  hard-dives will help protect you and your customers. There are shredding services available to cater for your needs.

Improving on-line security and visibility

As most security issues can be human error. With mobile devices widely available, people often forget to secure there phone correctly. Following these steps below can help you improve your on-line security.

  1. A proper anti-virus software with firewall protection on all electronic devices.(desktop, laptop, mobile)
  2. Enabling a two step verification login.
  3. Be aware of what information sites show publicly as each site is different.
  4. That sensitive data is encrypted with the latest encryption method.
  5. Report suspicious behaviour to your own and site you use as they may not be aware of the issue until someone tells them.
  6. Use a secure password, “123456” and “password” are NOT secure passwords and are surprisingly used more often than you think.

For more information on Data destruction and confidential document destruction visit www.securityinshredding.com/ for further details.

Email us at : info@securityinshredding.com

Minister says Data Protection Commissioner is independent

Posted on by
Reply

Data Protection CommissionerRTE News 28th January 2016

The Minister for European Affairs and Data Protection has defended the Office of the Data Protection Commissioner, saying it is completely independent of government.

Minister Dara Murphy was responding to the news that Digital Rights Ireland is to take legal action against the Government, challenging whether the office is truly an independent data authority under EU law.

DRI says a series of judgments from the EU’s top court have stressed the critical importance of a truly independent data protection authority.

However, DRI says it will claim in court that Ireland has failed to properly implement EU data protection law or follow the requirements of the Charter of Fundamental Rights by failing to ensure the Irish ODPC is genuinely independent from government.

Speaking to RTÉ News, Mr Murphy said he was aware of the impending case, but said it would be up to the courts to decide.

He added that the ODPC and its functions are completely independent of government.

He acknowledged that the ODPC is government funded, but said apart from that it is like many other agencies in the state that are independent of government.

Mr Murphy also defended the public sector’s attitude to data protection, following criticism earlier today from Data Protection Commissioner, Helen Dixon.

The minister said improvements in compliance with data protection rules are needed across society including Government departments and the public sector generally.

But he said the new European General Data Protection Regulation will change and strengthen data protection rules.

He added he had recently brought local authorities and semi-state companies together to impress upon them the strong obligations they have in this area.

He said public bodies are engaging, although that doesn’t mean there is not more work to be done in the area.

On the controversy around the Garda Síochána Ombudsman Commission’s accessing of journalists phone records, Mr Murphy said the Minister for Justice was right to commission an investigation into it, as it is absolutely essential that citizens have confidence in any state agency that processes or handles their data.

Commissioner critical of compliance levels

Earlier, Ms Dixon criticised the level of compliance with data protection laws in the public sector.

Ms Dixon released a statement setting out priorities for data protection rights and protocol in 2016 to mark the tenth annual Data Protection Day.

In particular, she has called for improvements to the legislative process to ensure greater deliberation and scrutiny of issues that interfere with the fundamental right to data protection.

The commissioner acknowledged data protection is not an absolute right and in certain circumstances, must yield to other competing rights.

However, she also stated that if a public body is going to interfere with data protection rights, it must generally be provided for by law, be proportionate, necessary and made in the general interest or need to protect others rights.

Ms Dixon concludes that consideration must be given to all of these matters when drafting legislation.

 

Her pointed comments come as her office prepares to begin an audit of contentious powers used by several public bodies, including An Garda Síochána and GSOC, to access telephone records and other electronic messages.

Free Shredding Event Limerick

Posted on by
Reply

18/1/16 REPRO FREE Businesses and householders throughout Limerick are being invited to drop off confidential documents to be shredded free of charge at a one-day event in the Mungret Recycling Centre on Thursday, January 28th, from 11.00am to 3.30pm. Pictured at the Mungret Recycling Centre are from left: Albert Kelly of Security in Shredding and Sinead McDonnell, Environmental Awareness Officer, Limerick City and County Council. Limerick City and County Council in conjunction with Security in Shredding, a company that offers confidential document paper shredding services in Ireland, are facilitating the 'Free Shred Event' to mark European Data Protection Day 2016 and promote good waste management practices. Pic Sean Curtin Fusionshooters.

To Celebrate European Data Protection Day Security in Shredding whom are Data Destruction Experts, are holding a Free Shredding Event in Mungret Recycling Centre in Limerick in conjunction with Limerick City and County Council.

You may ask why is the event free? To answer your question, we aim to increase the importance of Data Protection Awareness by running this event. All shredded paper material will then be recycled resulting in reducing the amount of paper waste entering landfill. Security in Shredding will also be available to speak to SME’s about the importance of implementing a “confidential paper shredding service and improving staff awareness and risk identification as they are of significant importance to any organisation”.

To read more on this up coming event please click on the following link Limerick Hosts Free Confidential Paper Shredding Event

What is the European Commission’s New Data Protection Framework proposal?

Posted on by
Reply

The European Commission announced a proposed reform to The European Union’s Data Protection Framework On the 25th of January 2012. You can read the full press release here. 

EU Data Protection, Secure Paper Shredding, Data Processor Firm

EU Data Protection

Within the announcement The Commission stated that the current framework – known as the 19995 EU Data Protection Directive is outdated. The main reasons for the framework to be outdated are due to rapid technology change and globalisation. These points are important to consider when deciding upon the best option to securely destroy your sensitive paper data through a confidential paper shredding service. Whether the service will be an onsite paper shredding service or an on-demand offsite paper shredding service it is important to ensure that your paper shredding company is a Data processor. You can see the list of registered Irish data processing firms here.

The new Data Protection framework will be a regulation which means all member states will have to abide by the rules. The rules will go into effect two years after they have been adopted by the member countries which is expected to be in 2018-2019.

Security in Shredding Team.

Paper Shredding Dublin

Posted on by
Reply

This brief blog article will focus upon the topic of Paper Shredding Dublin and will share some insight into unacceptable high risk practices with some links to helpful guidance websites to help with the decision making when establishing a document shredding protocol and digital data destruction protocol within your Organisation and households in Ireland.

Data Protection and the ethical procedures for the disposal of end of life data is essential for all in today’s ever evolving data world. Hard-Drives, CD’s, Data Cartridges and Paper files are the main methods for experiencing a damaging and painful data breach.

Protecting your Physical Data and in turn your Personal Identity is vital for all today and a data destruction Dublin service is the most suitable and compliant method for Organisations operating in Ireland and us the Irish citizens to Confidential Shredding, Data Protection, Data Protection FInes, Data protection Penalties, Secure Shredding, Data Destrcution, Complianceassert the protection of our information.

 

High risk practices;

 

  1. Following the guidance of other Organisations both in the Private Sector and Public Sector;

With the advances in data reconstruction technology, increasing levels of data crime, extreme forces for lower costs in addition to contradicting and mind boggling information, simply looking at an alternative Organisation (Private &/or Public) to mimic their procedures and practices is not an appropriate method to establish your own data procedures and practices for managing sensitive paper documents. As we in Ireland are a member of The European Union we are subject to European Legislation in addition to Irish Data Protection Legislation. This point also raises the level of risk of data protection when looking at other Organisations as there have been many different views upon the legislation and the application of it in our Country.

During the Thanks Giving period in The US an extremely serious Data Breach occurred where paper documents containing personal information were found dumped in a recycling centre. These documents were traced back to a hospital which may now be in line to face serious fines and penalties. The affected parties were contacting and apologies were given on behalf of the hospital.

In November of 2015 in our own home Country of Ireland we have seen a data breach occur in one of our Hospitals which in turn personal patient records were found in a recycling bin on the street outside the Hospital.

I want to highlight these two examples as it is important to note that the protection of personal data is a global issue and it is not to be underestimated. These examples also highlight that Companies in the Dublin Region that wish to establish a Dublin Paper Shredding Service and look for guidance from Organisations either in the Private or Public Sectors may lead to data breaches which in turn may lead to negligence penalty enforcement’s. Independent research from reputable information sources that has the protection of personal sensitive data as their number one concern is the most appropriate method for establishing your data protection procedures.

 

2. Allowing you Waste Management firm to manage your end of life personal sensitive data;

This point is of serious concern for all Organisations and citizens of Ireland to ensure the protection of their personal sensitive paper data. This article is not to negatively market waste operating firms as many of them do an amazing and admirable job at protecting our environment, producing waste fuel for export to incinerators, collecting household waste, running recycling centers, separating and segregating waste materials and selling waste commodities to the recycling industry for maximum revenues not to mention the hundreds of people that are employed through waste operators, they truly are appreciated.            When it comes to personal sensitive data and the appropriate disposal of that data there are specialist firms within the market that are subject to additional standards, certifications and best practices which may not be the case for many waste operators who do not have confidential shredding as their primary business case. There is also an industry representative body for these professional specialist firms to ensure industry best practices. If you are specialist data destruction firm (Paper Shredding Firm) you are a Data Processor and recognised as a data processor under legislation. When you are a data processor you are subject to additional legislation from both Ireland and Europe and you are accountable for breaches of the legislation.                       If you are a waste operator managing waste services you may not be recognised as a data processor but as a materials processor. With this point, if a data breach occurs the Data Processor liability under data protection legislation may not be valid and there may not be accountability in the case of your data breach.

3. Empowering staff with the responsibility to destroy your end of life data;

When deciding whether or not to give staff the responsibility of destroying their end of life data or hiring in temporary or work experience staff it is important to take into account the following factors

  1. Have you provided adequate training for staff
  2. Have you included their responsibilities in their employment contracts
  3. Have you received an audit trail for your material
  4. Do you have proof of destruction
  5. Do you have proof of recycling
  6. Have you destroyed the data to the appropriate shred size
  7. Have you completed a cost benefit analysis on the activity
  8. Are staff being taken away from other activities
  9. Have you singed confidentiality agreements
  10. Have you conducted background checks upon staff

The risks when destroying data outweigh the benefits of completing the process in-house. When dealing with risk it is impossible to eliminate the risk however it is possible to minimise the risk levels and with this in mind it is important to look for a professional specialist shredding firms to manage your destruction requirements and ensure compliance to save you from possible data breaches.

 

If you require any further information to better help equip yourself from experiencing a damaging data breach please do not hesitate to contact the Security in Shredding Team for friendly helpful guidance with no obligations. You may also want to visit the following sites;

  1. https://www.securityinshredding.com/contact-us.php
  2. https://www.dataprotection.ie/viewdoc.asp?DocID=4
  3. https://www.dataprotection.ie/viewdoc.asp?fn=/documents/register/display.asp?ID=14124%2FA
  4. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/guidance/Guide_Data_Contollers.htm&CatID=90&m=y
  5. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/responsibilities/3bi.htm&CatID=53&m=y
  6. https://www.isia.ie/all-security-mobile-shredding
  7. https://www.din.de/en/getting-involved/standards-committees/nam/european-committees/wdc-beuth:din21:113162714

Very Interesting Article: Increase seen in law suits for failing to protect personal data

Posted on by
Reply

helen dixon

There has been in increase in the number of civil law actions taken against organisations and even Government departments for failing to protect people’s personal information, a conference has heard.

Such an action against one Government department for allegedly breaching a person’s data protection rights settled ahead of a listed court hearing this week.

The action, understood to have been against the Department of Social Protection, is one of an increasing number of such cases being taken against companies or public bodies that allegedly fail in their duty of care to protect people’s personal information.

The issue was raised at a Public Affairs Ireland (PAI) data protection conference in Dublin on Wednesday.

Several such cases under the Data Protection Acts have been listed for hearing in the past year or so, but they have generally been settled on the steps of the court.

They included the case of a woman who sued a pharmacist for allowing her husband view CCTV footage which showed her buying a pregnancy test. Another such case involved a GP who handed over excessive personal information about a patient to an insurance company.

The actions are taken under section 7 of the Data Protection Acts, which provide that a data controller owes a duty of care to individuals in respect of the personal information it collects or processes.

Data Protection Commissioner Helen Dixon told the PAI conference there had really been “no activity” in relation to such civil lawsuits until “very recently” but that there were now “quite a number of cases” where people were taking actions under section 7 of the Acts.

The commissioner cannot impose direct fines on organisations that fail to respect data protection rights. This will change under proposals in a new European data protection regulation currently being negotiated.

Ms Dixon also noted a recent case involving a GP who had handed over excessive personal data about a patient to an insurance company. Her office had been called as a witness. The case was settled after a day in court.

“In that particular case, the witness from the [Data Protection Commissioner] said that it really had huge impact on them to hear the data subject in that case set out for the court the damage that was suffered as a result of that unfair disclosure of their data – the excessive data disclosure – to the insurance company.”

The person had gone on to suffer enormous health problems as a result of the data breach.

Ms Dixon said she was aware of another case listed that had directly involved a government department, but it had been settled out of court.

While she did not identify the government department concerned, the commissioner said she imagined the person in question had been paid damages.

Rob Corbet, a partner and Head of Technology and Innovation at Arthur Cox, also confirmed in his speech to the event that there had been an increase in the number of people suing for breaches of their data protection rights.

The commissioner reminded those in the public sector of their responsibilities in relation to handling personal data, noting her office had successfully prosecuted private investigators last year for offences involving the ‘blagging’ of people’s personal details from a government department.

Ms Dixon said that over 100 data breaches involving public sector bodies were reported to her office every year.

“Fortunately, in most instances in recent years these have concerned breaches that are really non-systemic and haven’t affected a great volume of data subjects.”

Minister for Data Protection Dara Murphy, who also addressed the event, spoke about the Government’s key priorities for the year.

He said he had established an inter-departmental committee on data issues, bringing together the key individuals dealing with data protection in each government department.

Mr Murphy said the committee would assist in the delivery of “more effective public policy through the improved use of data”.

He said exciting advances in technology created huge potential for society and for the economy.

Departments and State agencies needed to show leadership and commitment to data protection rules as they evolved over the next year, during which a conclusion to negotiations on the new European General Data Protection Regulation is expected, he said.

The minister said the committee’s engagement would be formalised in the coming weeks with the establishment of a “data issues forum”, with input from business, civil society and other key stakeholders.

Dr Eoin O’Dell, Associate Professor of Law at Trinity College Dublin, addressed the conference on the challenges posed for privacy by new technologies and the Internet of Things.

He said that increasingly, the kind of personal and public data becoming available, as well as the sharing of public sector information and datasets online, would have an impact on decision-making processes.

“All of this is heading towards a nice, bright Utopian future. But, I think that this rhetoric needs to be accompanied by an attention to privacy, both on our own part in the creation of the data, and in our professional lives in the use of the data.”

Reference: https://www.irishtimes.com/business/increase-seen-in-law-suits-for-failing-to-protect-personal-data-1.2154537

 

 

 

Security In Shredding sponsors Ballycommon Sponsored Ride 2015 in aid of Nenagh Special Summer Camp

Posted on by
Reply

 

Security in Shredding sponsors Ballycommon Sponsored Ride 2015 in aid of Nenagh Special Summer Camp.

Security in Shredding sponsors Ballycommon Sponsored Ride 2015 in aid of Nenagh Special Summer Camp.

Away from Data Protection and Secure Data Destruction (Paper Shredding, Media Shredding and Secure WEEE Recycling); Ballycommon Sponsored Ride 2015 approached us, Security in Shredding with regard to sponsoring an advert and a cross country jump in aid of Nenagh Special Summer Camp.

Not only did the Company donate to the great cause but the brave staff also raised funds and took part themselves and their horses in the event for the day. See photo below.

The Ballycommon Sponsored Ride 2015 was very well organised and well done to all involved.

Security in Shredding are delighted to have the opportunity to contribute to this very worthy cause – Nenagh Special Summer Camp.

Ballycommon Sponsored Ride 2015

 

 

 

 

 

 

 

 

 

 

 

Minister Alan Kelly endorses Free Confidential Shredding Event to celebrate Data Protection Day 28th January 2015

Posted on by
Reply

Data Protection Day 2015

So, it’s 2015 and many of us will have made a New Year’s Resolution to organise our paperwork and get rid of documents, old bills and other correspondence. It’s a task most of us dread let alone the stress and worry of how to securely dispose of this material– However help is at hand at two locations in Waterford and Limerick to mark Data Protection Day on January 28th 2015.

Minister for Environment – Alan Kelly supports Security in Shredding in celebrating Data Protection Day whom are offering A Free…. Yes FREE on-site shredding service for householders and SME’s on January 28th, in conjunction with the Southern Region Waste Management Office, Limerick City and County Council and Waterford City and County Council Authorities. The event will encourage data protection and the best practices in addition to waste segregation and the appropriate, safe and secure methods of disposing paper waste.

Householders & small businesses across the region are encouraged to bring along documents to the designated locations and avoid the financial, mental and emotional loss associated with identity theft on Data Protection Day. By participating in this event you would be beginning 2015 with organized and clutter free filing cabinets, office space, creating a clean and positive working environment as well as the piece of mind that your documents are being handled securely minimising the risk of identity theft and data breaches that are caused by documents being exposed.

} In 2013 the Data Protection Commissioner for Ireland received 1,507 data breach notifications – 25 times the number reported in 2009.

 

These events are taking place at the Mungret Recycling Centre Limerick and the Kilbarry Civic Amenity Site, Waterford between 11am and 3.30pm on January 28th. All materials will be shredded on-site, eliminating risks, 100% of shredded material is recycled.

Those who avail of the event and wish to put their names into a free draw on the day will be in with a chance of winning a one night stay B&B in the Commons Inn Hotel at the Mungret Recycling Centre draw and a one night stay B&B in the South Court Hotel at the Kilbarry CAS draw. So drop in on the 28th of January and make use of this FREE CONFIDENTIAL SHREDDING EVENT. Two refuse sacks per person.