Tag Archives: Confidential Shredding

Data classification and identification

Posted on by
Reply

Security In Shredding on site service, Onsite shredding service

Confidential shredding in Cork and throughout the country can incorporate a off site document shredding service to promote good business practice.

Internal Data classification and identification is when an Organisation tags their data so it can be managed effectively, securely processes, found quickly and destroyed appropriately.

It is a beneficial exercise for many Organisations as it helps to de-duplicate data stored on devices, this de-duplication vastly speeds ups data searches while also saves upon revenue in the form of storage capacity and back-up requirements for a given Organisation.

This exercise is also required for Organisations who need to meet legal and regulatory requirements for destroying the information beyond reconstruction, not holding information longer than necessary in addition to enabling an Organisation to retrieve specific information within a set timeframe.

Data strategies vary significantly from one organisation to another for many reasons. For example, many may generate different types and volumes of data that are subject to differing legislative requirement and responsibilities. The balance of information type can vary from one user to the next between e-mail correspondence, images, video files, office documents, customer and product information, financial data just to name a few.

It may seem a good idea to tag and classify everything within your Company database however experts here and abroad advise against this due to high costs and success rates within Organisations. Certified database technology is available for Organisations however; this method seems to work best for Governments with an allocated budget for the activity.

Alternatively, it is advised that Organisations can choose certain types of data to classify into the main segments of your business, for example; account data, personal data and commercially valuable data.

It is advised that an Organisation’s data is to be classified in line with their confidentiality requirements. It is important to carry out an information audit at this stage which in turn will give you an accurate view of the nature of the data.

It is essential for an Organisation to ensure that the data it is classifying is of good quality, “Common pitfalls for Organisations is that too much rubbish is allowed to accumulate, from duplication to copies of office party photos to personal letters to bank managers”, storage cleansing technologies are extremely useful at this stage to eliminate obsolete, trivial or redundant content.

Once the classification system is up and running it is important that management and staff take part in periodic reviews as it is not set in stone and business developments can translate to design changes in data classification.

Once the data has been classified an Organisation is empowered with the ability to tailor procedures for specific data in order to maintain regulatory compliance.

Secure Destruction of Sensitive data.

When destroying information whether it be hard paper data or digital data on data carriers it is essential for Organisations to ensure that they comply with regulations and are not proving to be negligent in their processes. For this reason, we have constructed three different protection classes for data that requires specific attention to ensure that the material has been destroyed appropriately.

 

Protection Class

 Risk

 

 Protection 1:Normal security requirement for internal data Unauthorised publication or dissemination would have a limited negative impact on the company. Protection of personal data must be ensured. There would otherwise be a risk to the position and financial situation of the affected persons.
  Protection 2:High security requirement for confidential data
Unauthorised dissemination would have a considerable effect on the company and could infringe legal obligations or laws. A personal data data-breach would result in considerable risk to the social standing and financial situation of the affected persons.
  Protection 3:Very high protection requirements for particularly confidential and secret data. Unauthorised dissemination would have serous terminal consequences for the Company and infringe upon trade confidentiality, place a data subject at risk of safety or freedom, break contracts and legal law.

It is essential that the confidentiality of personal data is maintained.

 

Destruction Tips;

Protection Class 1:

Destruction activities must be carried out in line with a detailed procedure, all staff carrying out destruction activities are to be trained. Alternatively, destruction processes are to be implemented and provided through a data processing firm receiving all data processing certificates for completion of destruction. All data is to be destroyed to shred No. 3 of EN 15713.

Protection Class 2:

Destruction processes of data in protection class No. 2 are to be implemented and provided through a data processing firm receiving all data processing certificates for completion of destruction. All data is to be destroyed to a minimum of shred No. 3 of EN 15713. The data processor must be registered for their services.

Protection Class 3:

Destruction processes of data in protection class No. 3 are to be implemented and provided through a certified data processing firm receiving all data processing certificates for completion of destruction. All data is to be destroyed to a minimum of shred No. 5 of EN 15713. The vendor must be independently certified to destroy paper and digital data beyond reconstruction and they must be registered for their services with the policing authority in the relevant Country.

Visit: https://www.securityinshredding.com/ for more information on a confidential shredding service.

Data Protection Ireland Today

Posted on by
Reply

Data proccesser and data commissioner

Secure document destruction in Ireland can come in the form of an onsite paper shredding service or an off site paper shredding service. Data comes in many forms and The Data protection Act is in place to ensure that this data is protected.

Data Protection is a vital for a business to succeed and remain in business. If customers or users know that your service does not protect your data. It will be a massive loss to business and business reputation. Your business can suffer from a severe penalty for not protecting your data.

An interesting article written by Colm Gorey titled “3 issues defining data protection in Ireland today  The issues discussed are relevant to today’s business. The 3 topics discussed were:

  1. ISO 27018: Cloud computing privacy standard – one year on

  2. Personal data and your right to access it — Ireland vs the UK

  3. Challenges to data protection under the internet of things

The first point talks about the governing of personal data through cloud based systems. Standards have being created to ensure the protection of data and were received well by Data Security experts. The ISO 27018 standard can be read here. Cloud computing has become a major asset to business functionality and knowing what cloud based systems are doing with your data should be investigated and researched when changes if any occur.

The second point refers to Irish and English law. Although both countries have similarities the law for each country does vary and in particular with personal data and access to it. Your business must abide by the rules in place of the country it is based in. A good example of how country laws differ can be read at this link.

Awards of Damages for Data Protection Breaches – UK and Irish Approaches Contrasted

Thirdly the internet of things (IOT) refers to the general use of internet and internet services. Governments and official bodies are trying to develop ideas or frameworks that will regulate the internet of things. What has happened is the EU 28 data protection bodies.

for more information on data protection and a confidential shredding service please visit: https://www.securityinshredding.com/

 

 

Data Protection A Human Right

Posted on by
Reply

Amnesty International Data Protection a Human Right

Confidential document destruction services are vital part of business data protection. paper shredders / shredding services in Ireland have governing bodies in place to enforce and ensure people are complying with Data Protections laws.

“Encryption is a basic prerequisite for privacy and free speech in the digital age. Banning encryption is like banning envelopes and curtains. It takes away a basic tool for keeping your private life private,” said Sherif Elsayed-Ali, Amnesty International’s Deputy Director for Global Issues.

It can be hard to comprehend the benefit of encryption when using a device. What happens in the background on devices and applications can even confuse even the most informed individual. The above statement from Elsayed does put it into perspective. With a major organisation such a Amnesty international in support for data protection, ensuring your business protects its data needs to be paramount.

The Data Protection Act is an EU standard that ensures that the access and movement of personal data is protected accordingly. These standards are in place to protect your personal information. Online usage has grown and is still growing. Access to online services and devices to use it are widely available in particular mobile devices are now becoming the no.1 method of transactions for e-commerce sites.

Using these sites or services requires and stores personal data and this data is sensitive and businesses must ensure that this data is protected. If a business does not secure its data it can be ruin a companies reputation and not to mention the penalties for a data breach from unsecured data.

There are many ways to store and display data. Weather it is electronically or paper, if it contains sensitive data it needs to be stored and destroyed securely. A document destruction service should be sought when destroying documents. A simple office shredder will not securely destroy your documents.

Media devices such as hard drives if being replaced or recycled should be destroyed if they contain sensitive data. Wiping the drive or formatting the drive does not remove the data entirely and can be retrieved.

Din 66399 Standard is a standard set for paper shredding. This standard ensures the highest security when shredding documents and devices. When hiring a reputable shredding service this standard should be sought after.

For more information on a confidential shredding service please visit:  https://www.securityinshredding.com/

Read Amnesty International full report here:

https://www.amnestyusa.org/research/reports/encryption-a-matter-of-human-rights

Data Processors And Data Commissioner

Posted on by
Reply

Data Protection Commissioner

Mobile Paper shredding throughout Ireland and the companies that provide confidential document destruction are governed by Data Protection laws and the Data Protection commissioner. This can be broken down into two parts.

Data Processors

Security in Shredding are registered Data Processors with the Data Protection Commissioners Office. So what is a Data Processor one may ask; a Data Processor is a company, organisation or person who processes data on behalf of a Data Controller. “This does not include employees who process data in the course of their employment.”

“Cloud providers are also generally Data Processors.”

“It is possible for one company or person to be both a data controller and a data processor, in respect of distinct sets of personal data. For example, a payroll company would be the data controller in respect of the data about its own staff, but would be the data processor in respect of the staff payroll data it is processing for its client companies.”

“A data processor is distinct from the data controller for whom they are processing the personal data. An employee of a data controller, or a section or unit within a company which is processing personal data for the company as a whole, is not a “data processor.” However, someone who is not employed by the data controller, but is contracted to provide a particular data processing service (such as a Security in Shredding providing and conducting a confidential secure data destruction service) would be a data processor.

Responsibilities of data processors

The Data Processor must only process personal data on the instructions of the Data Controller, for example, the Client (the Data Controller) schedules an on-site service delivery where by Security in Shredding (the Data Processor) arrives on-site to conduct on-site shredding of the clearly identified material for destruction. The responsibilities concern the necessity to keep personal data secure from unauthorised access, disclosure, or destruction unless confirmation is received prior to doing so.

“In addition all data processors, whose business consists wholly or partly in processing personal data on behalf of data controllers who are required to register, are also required to register with the Data Protection Commissioner as a data processor.”

For further information about Data Processors please click on any of the following website addresses;

www.securityinshredding.com

www.dataprotection.ie

www.aurthercox.com

Also available in the Limerick area and please visit:

www.securityinshredding.com/limerick-shredding-services.php

Importance of Paper Shredding Dublin for Business

Posted on by
Reply

Importance of Paper Shredding for Dublin

All businesses in Dublin and the surrounding regions will produce confidential paper from their daily activities. This paper may vary in kind, content, life cycle and legislative responsibility however, the risk will remain with your Organisation.

Within the general waste and recycling industry there is a “producer pays” slogan which means that the producer of the waste has the responsibility to dispose of the waste, in a Data Protection context it is similar where the Data Controller has full responsibility over the material and how it is destroyed through a shredding service and how it is to be disposed of once it has completed the document shredding process.

Whether it be onsite paper shredding Dublin and/or offsite paper shredding Dublin a professional service should be implemented in all organisations within all industries to minimise and eliminate where possible the risks of a data breach.

Document shredding Dublin is not the only method for Organisation to ensure compliance with the Law, there are also Nationwide paper shredding companies that can provide shredding services to clients right across the Island of Ireland.

History has taught us great lessons in the importance of Data Protection for businesses. We have seen companies lose thousands of Euros, destroy their trust with customers and in some cases go into receivership due to negligence with the management of data.

All it takes is one mistake for sensitive data to end up in the wrong hands which can be detrimental for your Business and the future of your business. With the aid of experienced well trained data processing professionals an annual costing can be calculated in order for your Organisation to implement a professional paper shredding Dublin service that in turn will protect your business going into the future.

Fraud has been and still is the fastest growing crime in Ireland and Globally and with this in mind it is essential for you and your Organisation to implement a professional Document Shredding Dublin service and make certain that you are abiding by the law surrounding your documents.

If you require any information upon any of the above, please contact www.securityinshredding.com and the compliance team will aid you in your query.

Or Email us : info@securityinshredding.com

Paper Shredding Dublin

Posted on by
Reply

This brief blog article will focus upon the topic of Paper Shredding Dublin and will share some insight into unacceptable high risk practices with some links to helpful guidance websites to help with the decision making when establishing a document shredding protocol and digital data destruction protocol within your Organisation and households in Ireland.

Data Protection and the ethical procedures for the disposal of end of life data is essential for all in today’s ever evolving data world. Hard-Drives, CD’s, Data Cartridges and Paper files are the main methods for experiencing a damaging and painful data breach.

Protecting your Physical Data and in turn your Personal Identity is vital for all today and a data destruction Dublin service is the most suitable and compliant method for Organisations operating in Ireland and us the Irish citizens to Confidential Shredding, Data Protection, Data Protection FInes, Data protection Penalties, Secure Shredding, Data Destrcution, Complianceassert the protection of our information.

 

High risk practices;

 

  1. Following the guidance of other Organisations both in the Private Sector and Public Sector;

With the advances in data reconstruction technology, increasing levels of data crime, extreme forces for lower costs in addition to contradicting and mind boggling information, simply looking at an alternative Organisation (Private &/or Public) to mimic their procedures and practices is not an appropriate method to establish your own data procedures and practices for managing sensitive paper documents. As we in Ireland are a member of The European Union we are subject to European Legislation in addition to Irish Data Protection Legislation. This point also raises the level of risk of data protection when looking at other Organisations as there have been many different views upon the legislation and the application of it in our Country.

During the Thanks Giving period in The US an extremely serious Data Breach occurred where paper documents containing personal information were found dumped in a recycling centre. These documents were traced back to a hospital which may now be in line to face serious fines and penalties. The affected parties were contacting and apologies were given on behalf of the hospital.

In November of 2015 in our own home Country of Ireland we have seen a data breach occur in one of our Hospitals which in turn personal patient records were found in a recycling bin on the street outside the Hospital.

I want to highlight these two examples as it is important to note that the protection of personal data is a global issue and it is not to be underestimated. These examples also highlight that Companies in the Dublin Region that wish to establish a Dublin Paper Shredding Service and look for guidance from Organisations either in the Private or Public Sectors may lead to data breaches which in turn may lead to negligence penalty enforcement’s. Independent research from reputable information sources that has the protection of personal sensitive data as their number one concern is the most appropriate method for establishing your data protection procedures.

 

2. Allowing you Waste Management firm to manage your end of life personal sensitive data;

This point is of serious concern for all Organisations and citizens of Ireland to ensure the protection of their personal sensitive paper data. This article is not to negatively market waste operating firms as many of them do an amazing and admirable job at protecting our environment, producing waste fuel for export to incinerators, collecting household waste, running recycling centers, separating and segregating waste materials and selling waste commodities to the recycling industry for maximum revenues not to mention the hundreds of people that are employed through waste operators, they truly are appreciated.            When it comes to personal sensitive data and the appropriate disposal of that data there are specialist firms within the market that are subject to additional standards, certifications and best practices which may not be the case for many waste operators who do not have confidential shredding as their primary business case. There is also an industry representative body for these professional specialist firms to ensure industry best practices. If you are specialist data destruction firm (Paper Shredding Firm) you are a Data Processor and recognised as a data processor under legislation. When you are a data processor you are subject to additional legislation from both Ireland and Europe and you are accountable for breaches of the legislation.                       If you are a waste operator managing waste services you may not be recognised as a data processor but as a materials processor. With this point, if a data breach occurs the Data Processor liability under data protection legislation may not be valid and there may not be accountability in the case of your data breach.

3. Empowering staff with the responsibility to destroy your end of life data;

When deciding whether or not to give staff the responsibility of destroying their end of life data or hiring in temporary or work experience staff it is important to take into account the following factors

  1. Have you provided adequate training for staff
  2. Have you included their responsibilities in their employment contracts
  3. Have you received an audit trail for your material
  4. Do you have proof of destruction
  5. Do you have proof of recycling
  6. Have you destroyed the data to the appropriate shred size
  7. Have you completed a cost benefit analysis on the activity
  8. Are staff being taken away from other activities
  9. Have you singed confidentiality agreements
  10. Have you conducted background checks upon staff

The risks when destroying data outweigh the benefits of completing the process in-house. When dealing with risk it is impossible to eliminate the risk however it is possible to minimise the risk levels and with this in mind it is important to look for a professional specialist shredding firms to manage your destruction requirements and ensure compliance to save you from possible data breaches.

 

If you require any further information to better help equip yourself from experiencing a damaging data breach please do not hesitate to contact the Security in Shredding Team for friendly helpful guidance with no obligations. You may also want to visit the following sites;

  1. https://www.securityinshredding.com/contact-us.php
  2. https://www.dataprotection.ie/viewdoc.asp?DocID=4
  3. https://www.dataprotection.ie/viewdoc.asp?fn=/documents/register/display.asp?ID=14124%2FA
  4. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/guidance/Guide_Data_Contollers.htm&CatID=90&m=y
  5. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/responsibilities/3bi.htm&CatID=53&m=y
  6. https://www.isia.ie/all-security-mobile-shredding
  7. https://www.din.de/en/getting-involved/standards-committees/nam/european-committees/wdc-beuth:din21:113162714

Free Shred and Information Event in aid of Data Protection Day a true success.

Posted on by
Reply

shreddayimage

It is advantageous for the General Public and Organisations within Ireland and across the Globe to be aware that January 28th is European Data Protection Day, and it is known as “Privacy Day” outside of the EU. Continue reading

Business Environment – What can be Recycled?

Posted on by
Reply

recycling for business & paper shredding service

A secure document shredding service in the Limerick, Galway and Cork areas will provide you with the data security needed for document shredding. While also providing a recycling service for your business thus helping the environment.

Firstly, within a business it makes definite sense to recycle as reducing waste makes business sense. As all businesses run under the simple formula that is to maximise income and reduce costs, is necessity for business survival a clear achievable waste reduction and recycling plan performs as an aid to businesses in reaching their goals
and objectives effectively.

An organisation can save up to and above 25% on waste management costs with an effective waste reduction and recycling plans in operation. It is estimated that waste production can cost your business up to 4% of turnover and in some companies it can reach as high as 10%.


How Waste Reduction & Recycling Plans Benefit Businesses:

  1. Recycling services reduce net operating costs as recycling is a less expensive process than that of waste disposal.
  1. Waste reduction and recycling is a straight forward and simple task for an organisation to conduct once they have the right information and expertise helping them through. It takes a short period of time for an organisation to implement a waste reduction and recycling plan while the beneficial monetary savings will continue long into the future.
  1. Both customer and communities are aware when Organisations are environmentally friendly which in turn has a knock on effect relating to the company image and potential client perception of the organisation.
  1. The purchasing of re-manufactured goods and those manufactured with recycled content can save money and improve overall efficiency within an organisation.
  1. Through compliance schemes and compliant documentation companies can achieve awards in relation to their environmentally friendly practices which is an additional positive aspect to recycling for an organisation
  1. An organisation that is recycling ethically has the opportunity to benefit from making new business partners within various industries that have the common stance that recycling is an imperative aspect of their daily business.

 

Within the waste material produced by an organisation there are certain items that should be segregated from the main General Waste, Mixed Recycling Waste and Green Waste.
Segregated items would include Bulky Items and Hazardous Items.

Bulky Items Hazardous Items
Furniture Hazardous Chemicals
Mattresses Paint
Rock, Dirt, Concrete Used Oil
Appliances Propane Tanks
Tires Batteries

tyre-recycling
Once the items above are segregated the remaining waste is suitable for mixed recycling collections and general waste collections.
The list of materials an Organisation can recycle, re-use and/or purchase as re manufactured is vast and I have noted clearly below a list comprising of material that would be of benefit to an organisation when implementing efficient and effective recycling plans.

  • Aluminium foil and cans
  • Corrugated Cardboard Boxes
  • Class Containers, Bottles and Jars
  • Metal cans
  • Mixed paper, including magazines and junk mail
  • Newspapers
  • Paperboard Both White and Coloured
  • Hard plastics and Plastic Containers
  • Autos
  • Fluorescent Tubes
  • Metals
  • Plastic Bags
  • Tires

Organisations and businesses requiring information about the recycling can find out more by visiting https://www.repak.ie.

For more information on a paper shredding service in Limerick, Cork, Galway and Dublin areas please our site for more information.

Site: https://www.securityinshredding.com/

Why Media Destruction Of Digital Devices Is Necessary

Posted on by
Reply

confidential electronic-destruction

At Security In Shredding paper shredding services provide excellent data security. Digital and electronic devices should be treated with the same manner regarding data security. Again a sure fire method of this is physically destroying these devices once they are no longer needed.

Digital Data & Devices

Electronic Data and Electronic Devices have grown rapidly within the Business Environment which in turn has resulted in new data protection regulations being implemented and continuous security measures being improved within organisations. Due to the required high volume of Technology being utilised within Business today in addition to the level of data being gathered there has been true improvements achieved however, there are also serious problems.

At the top of this list is the significant topic of appropriately disposing & recycling the obsolete and end of life devices while protecting the personal data within the given device as organisations are obligated to do through Data Protection Legislation.

So how can an organisation be certain that their data is protected as they dispose of their devices and media that they no longer need or are no longer required to be retained for compliance purposes?

By sourcing experienced professional data (Paper, Media, and Textiles etc.) destruction companies to destruct electronic media an organisation receives many significant benefits.

Benefits such as:

  • Organisations ensure compliance with The European Data Protection Directive
  • Peace of mind that all data within the organisations electronic media is destroyed and non-recoverable.
  • Mitigates the risk of unauthorised use of the organisations sensitive information stored on electronic media.
  • The security of receiving audit ready fully traceable documentation and certification
  • Overall improved efficiency by outsourcing the destruction service to a professional company. Many organisations attempt to conduct the destruction of sensitive material in-house. This has proven in historic circumstances to be time consuming, unsecured, unreliable, untraceable and troublesome for many organisations.
  • Reduced risk of inadvertent disclosure through top level security and experienced safeguards throughout the shredding process whether it is onsite or offsite.

In addition to hard-drive and media storage devices it is essential for clients to be fully aware of the true detrimental risks attached to IT Assets and the disposal/Recycling of them. Today many electronic devices store data within an organisation.

Devices within offices such as:

  • Computer Hard-drives
  • Laptop Hard-drives
  • Printers and Scanners with internal hard-drives
  • Mobile Phones
  • Fax machines
  • Mobiles Phones
  • Servers
  • Other IT assets & office equipment

These all possess a serious risk to an organisation during the disposal/recycling process. With this in mind professional data destruction companies such as Security in Shredding provide IT Asset Disposition services to help organisations to destroy and recycle IT equipment through reliable, experienced, environmentally friendly and best practised methods and services.

For more information on our media destruction service, please visit our page and contact a member of our team if you have any enquiries.

Email us at: info@securityinshredding.com