EU-US Data Agreement Allows Europeans To Sue Over Privacy Breaches

Security in Shredding Data protection & destruction

At Security In Shredding, our confidential document destruction service is done with compliance with the EU data protection laws. The data protection commissioner is responsible for upholding the rights of individuals and enforcing the obligations upon data controllers. Individuals who feel their rights are being infringed can complain to the commissioner, who will investigate the matter.

EU citizens will now be able to sue over data misuse in American courts, as part of a new agreement on data security between the EU and US. It follows years of concern over the reach of the US National Security Agency.

EU-US Data Agreement Allows Europeans To Sue Over Privacy Breaches

The EU and the US reached a deal a few months ago for comprehensive new data protection regulations which will allow Europeans to sue over improper use of their personal information in the United States.

EU Justice Commissioner Vera Jourova made the announcement, saying that from now on firm rules will be in place over distributing data to third countries or holding on to information for an inordinately long time.

“Once in force, this agreement will guarantee a high level of protection of all personal data when transferred between law enforcement authorities across the Atlantic,” said Jourova.

“It will in particular guarantee that all EU citizens have the right to enforce their data protection rights in US courts,” she added.

The move follows years of back and forth between European concerns over snooping by the NSA and US worries about stopping terrorism and serious crime.

Jourova called the agreement an “important step” to “rebuild trust in EU-US data flows.”

The deal must now be approved by the US Congress in order to come into affect. Once in place, Europeans will be able to seek redress in US courts if personal data from their home countries is given to American agencies for law enforcement purposes – to control air travel to the US, for example – and then subsequently disclosed for some other reason or to a third party.

Data Security comes in many forms and knowing is half the battle. At Security In Shredding maintaining data security is hugely important to us. Our confidential shredding service must comply with the data protection laws while in operation.

For more information regarding data protection and data security, please feel free to contact one of our shredding experts.

Email us at info@securityinshredding.com

LinkedIn Data Breach In 2012 Resurfacing With Username & Password Leak

Phising Most Common Data Breach

At Security In Shredding, digital data shredding along with paper shredding both require the correct forms of protection. Providing you with current information regarding data protection and data security is beneficial for our day to day operation and your business operation.

Back in 2012 LinkedIn accounts suffered from a data breach involving 6.5 million accounts which were then sold on-line through black market sites. Recent events have increased that number to 167 million accounts had their username and password hacked. The account details obtained are available for purchase on-line for approx €2,000

It is difficult to know what this data will be used for and who will use it. From various reports regarding the issue, password strength from accounts was inadequate.

According to the report LinkedIn have sent emails to the effected users but with the number of accounts hacked it is possible that not all user’s have being informed. Weather your account has or has not being hacked there are a number of steps you can follow to see if your account has being compromised.

What Should I Do Now?

If you have an account since 2012 and have NOT changed the password since then. It is highly recommended that you change the password immediately.

If your account is newer than 2012 then it will do no harm to update the password to a new unique one in case of a breach occurring.

Added Steps For Security

Updating your password is recommended and choosing the correct type of password is also very important. Follow these steps when creating a password is recommended;

Unique Passwords: All accounts, software and devices used should contain a different password. Avoid repetition with passwords. It is completely understandable that remembering all your passwords can become cumbersome. Remember the more you use the application the easier it will become to remember the password.

Alpha Numeric Passwords: Data breaches(Hacks) occur because people will and have used passwords such as “123456” and “password” and according to the report there were 1,135,936 LinkedIn members using the password “123456”

Use letters, numbers and special characters in your passwords. This helps create unique passwords.

Length = Strength: Most sites will have a minimum character length for password creation along with number and or special character required (varies from site to site) It is recommended to to have a password 15 – 20 characters long to ensure security.

Intel provide a password checker to test the strength of your password.

2 Step Verification: Most of the widely used sites offer 2 step verification login features. This is achieved by a user entering their username and password. They are then prompted to enter a verification code to enter to continue with the login. The code is sent to a user’s mobile or email (randomly generated code) account depending on preference. This added layer of security ensures that if a breach occurs then your account cannot be logged into without the verification.

Data breaches are now increasing in occurrence due to more and more people using digital devices. It is important that you are aware of these breaches first of all and that you implement correct procedures to ensure data security. Data breaches in the long can be harmful to a companies reputation.

At Security In Shredding our confidential document destruction and data security team are ready to take your call regarding any data security issue or data protection enquiry you have. Email us: info@securityinshredding.com

Hard Drive Must Be Destroyed To Ensure Data Destruction

harddrive destruction, Media Destruction, Confidential Shredding Service

All digital data is stored on a hard drive. Weather its stored locally (your own device) or on a cloud server, the data is stored on a hard drive. The device used to access this data be it a computer, laptop or tablet technology will become outdated or slow to use. When the time comes you may wish to get rid or sell the outdated device.

This is where the data risk lies. Before you sell the device you might have deleted all your local data from the device or even formatted the drive. This does not remove the data from the drive.

The fact is there are software programs designed to help thieves extract data even after data has been electronically destroyed.

At the same time, there are other concerns that make secure e-media and hard drive disposal a critical aspect of device security.

Current Storage Drive Trends:

Affordable.  Hard-drives and storage devices in desktop computers, laptops, servers, phones, USB thumb drives, printers, copiers, and other equipment have become widey available and affordable. In 2015, technology companies shipped more than 2.6 billion devices containing hard drives, according to IT research firm Gartner.

Internet of Things (IoT).  Digital data storage and usage is increasing in businesses and organisations. This increased usage means that more and more devices are connected to a network and can increase the risk of data breaches within a network. Protecting against these potential as data breaches are increasing.

Upgrading.  Electronics become obsolete (and are replaced) within three or four years – and that affects BYOD security and other safeguards. We live in a world where the number of mobile devices exceed the number of people in the world. When upgrading ensure that the older device is destroyed or the data storage device is destroyed.

Cybercrime.  Industry experts predict a continued boom in cybercrime. In America the terms of cost, the average consolidated total cost of a data breach rose 23% to $3.8 million in 2014 compared to the previous year. The 2015 Cost of Data Breach Study: Global Analysis from Ponemon also showed that the average global cost for each lost or stolen confidential record increased from a consolidated average of $145 to $154.

If it can happen in America it can happen anywhere else. Most of the applications you use will be developed globally and the breaches

Responsibility.  Data Protection is a corporate priority and responsibility. The Data Protection Commissioner is set up to ensure that businesses and organisations are protecting data correctly. The DPC also provides guideline on how to protect your business data from breaches. Guidelines can be read here: https://www.dataprotection.ie/docs/Guidance-Material-Menu-Page/m/219.htm

Secure document shredding and media destruction companies will provide secure method of data destruction. For more information please visit our site.

 

Data Protection Laws Set For An Update (2018)

Security in Shredding Data Protection Law

The General Data Protection Regulation has now being published in the official journal:  EU Official Journal. The journal was released on the 4th of May 2016.

This will result in the GDPR entering into force on the 24th of May 2016. Provisions will be directly applicable form the 25th May 2018. Organisations will have two years to prepare to the changes. Training courses on how to prepare for the changes are available in various cites throughout 2016 and 2017.

Data Protection Ireland Journal will keep you up to date with articles and journal entries regarding the new changes.

This change will effect Irish people and a course will take place in Dublin.

  1.  Friday, 16 September 2016

  2. Wednesday, 05 April 2017

The course will start at 10:00 to 16:00 (including lunch).

The course will cost €545 plus VAT

This course provides delegates with a detailed insight in to the main provisions of the Regulation, as well as practical guidance on what organisations should start doing to ensure that they are prepared for the new changes. The content includes:

  • The scope of the Regulation, including extra-territorial applicability
  • Key definitions
  • The role of the lead authority
  • The principles relating to personal data processing, including a detailed analysis of ‘consent’ and ‘legitimate business interests’
  • New obligations on data processors
  • Data breach notification
  • New obligations for Data Protection Officers
  • Data subjects’ rights
  • Data protection by design and default
  • Codes of Conduct and Certification
  • International data transfers
  • Consequences of non-compliance

Anyone attending the event should have a basic knowledge current data protection legal requirement. For anyone who does not have any knowledge of data protection laws can get up to date with data protection essential knowledge level 1 and then data protection essential knowledge level 2.

The course is recommended to be taken by compliance officers, HR managers, Office managers, Company secretaries, IT managers, Business analysts, Records Managers, legal advisers, Database managers and others.

Compliance & Your Data Processor

At Security In Shredding confidential document shredding and all other services provided are done in compliance with the law. Data Security and Data protection are paramount objectives for us to achieve. We keep up to date with these laws to ensure that we are operating correctly when processing Secure Documents.

If your business or organisation requires a Secure Document Shredding specialist please contact one of our team members for more information.

This change not only effects us but everyone within the EU, please like and share this article or join in on the conversation on our twitter feed

4 Reasons Why A Paper Shredding Service Is Needed

Security In Shredding on site service

Paper shredding or document shredding is vital for protecting confidential and sensitive information / data. Most of us create and keep files with sensitive data; examples of which are bills, financial statements, marketing plans, employee files, and even delivery packages. Industrial shredding services are used by Government offices, non-commercial organizations, small and large businesses, and private citizens. These document shredding specialists will shred the documents securely beyond recognition.

1. Compliance With The Law

We all have the right to protection of personal information. The Data Protection Commissioner was put in place to enforce the obligations of businesses to protect data. Failure to comply, as there are laws that penalize improper disposal of documents with sensitive and confidential content. Businesses and Organizations that hold personal data but neglect to protect it face financial and legal consequences. Employers for example use paper shredding services to get rid of employee files which are no longer in use.

2. Positive Recycling Habit

Reducing the amount of paper used in an office is a good reduction method, while reduction also ensures that there is less of a chance data breaches from misplaced documents. The paper and documents shredded by a mobile paper shredding service will be put into a compost heap and reused at a later stage. This creates a good recycling method for your business and benefit the environment overall.

Data Protection, Paper Shredding, limeirck paper shredding

3. Preventing Identity Theft

Without shredding or destroying documents before disposing them, Identity theft is a possibility. All it takes is someone to simply look into a bin and grab what they can. With data now widely available is now more of an issue. Any data is far better shredded before disposal, all it takes is one piece of information in the wrong hands for a data breach to occur. These breaches are damaging for a business or organisations reputation.

clear out paper shredding

4. Eliminating Clutter & Hazards

Papers occupies space and cause clutter and increase the risks of fire. Once a document has served its purpose, offices need to constantly get rid of these papers as part of an organization-wide records management system. A paper shredding policy within an organisation for when to retain and destroy documents will help an employee to take care of the proper disposal and destruction of paper documents. However shredding services are available throughout Ireland and hiring a industrial paper shredding company is more cost effective.

Document shredding is important part of business practice. Mobile paper shredding services are available. Along with an awareness to data breaches and compliance with the law will ensure data security.

Security In Shredding provide high quality secure shredding services. They provide a Confidential Waste Disposal service both on site and off shredding available. If you are in the Limerick area then please visit our Limerick page for more details.

Addressing Incorrect Data Destruction Habits

Data Protection, Paper Shredding, limeirck paper shredding

Shredding confidential paper in a business must be done and there are legislations in place to protect against data breaches. Failure to enforce these laws or inadequate data protection in place by a business will result in a hefty fine of up €100,000.

Human error is is arguably the biggest cause of data breaches are caused by employees and contractors. Human error is not solely to blame. Even high profile hacking cases involve employees inappropriately clicking on links and allowing the bad guys in. It is quite easy with a little bit of know how you can be easily tricked and baited into clicking a malicious link that will cause a data breach.

When it comes to proper data destruction, or avoiding data breaches due to improper destruction of data and confidential information. It comes down to employees knowing the dangers and pitfalls of potential data breaches within the office. Despite any amount of training, however, there is one lesson too many data controllers have learned the hard way. In order to maximize compliance, proper disposal of information has to be easy for the employee.

Some organisations might require employees to use a shredder in the copy room which is not easy. So much so that it is not even reasonable to think they will consistently do it. Whether because of carelessness, workload issues, pressures outside work, or laziness, compliance failure is inevitable. Nor is it reasonable to give employees the discretion on what is destroyed or options on where information-bearing media should go. Whenever a recycling bin is next to a shred bin, it is easy to find confidential information in the recycling bin. Making this process as easy as possible for our customers is recommended. We clearly have each console labelled so our customers know exactly what we can and can’t take in our locked consoles. We provide staff awareness days to help businesses improve their data security.

Data Protection, Secure Paper Shredding

The same goes for IT asset disposal. Since employees are less likely to toss out computers, it can be less of an issue. However, leaving the decision to the IT department instead of dictating the procedure through security and compliance can cause a problem. With electronic storage devices there is no true way to destroy the data using software. A physical destruction of the device must be done to ensure data destruction.

Educate and Awareness for you and your employees benefits with proper data destruction. Contacting a Secure Confidential document destruction service to incorporate into the business practice will improve your data security and destruction.

For more information on a secure document destruction service in Ireland, then please visit: https://www.securityinshredding.com/ or

please like, share and follow us on Twitter: @Securityinshred

Adopting A Secure Document Shredding Strategy For Business

 confidential shredding, clean desk policy

A secure document shredding policy is integral to any business and protecting customer data is legislative. The Data Protection Commissioner implements the provisions of EU Directive 95/46. Not only are these regulations that require businesses to shred documents securely, but it is also part of running a business and maintaining a positive business reputation.

Why Businesses Need To Securely Destroy Documents?

Every day, companies create paper documents and these documents require shredding. Practically any document that contains data and especially sensitive data needs to be shredded. In particular data containing the following would be regarded as sensitive data:

  • Person’s Name
  • Address
  • contact information
  • Account Details
  • Credit Card Details
  • Budget Reports
  • Medical Reports
  • Payroll information
  • Legal contracts
  • Receipt Information

This is a snippet of what data to shred any and all documents should be securely destroyed by a secure document shredding service.

How This Data Can Be Used Against You?

Not only is forgery and fraud a major issue but also there is of course the potential for bad publicity, loss of customers and lawsuits to name but a few of the dangers. Identity theft is a common issue with data breaches. Criminals will use this data to either make purchases or obtain more data under the pretence of your name.
It is important that all businesses shred or destroy certain sensitive documents. Law enforcement, legal industries, government agencies, banks, health care providers, insurance providers, financial brokers, and real estate are just a few industries where managing paperwork is crucial.

How To Manage Business Documents Safely & Effectively?

A detailed security policy for every type of document your business handles is essential and employees need to know these policies before starting work.

For example:

What are the shredding requirements for the various document types that your company frequently uses? What are employees allowed to photocopy? Incorporating a reputable Confidential Shredding Company that has a good track record. While also training employees about the correct method of destroying sensitive documents and ensuring correct secure policies about how long to hold and when to destroy documents.  Access to company records should be controlled and restricted to a small number of trusted individuals and there should be rules relating to access of these records. A notification or logging system can also be in place to account for what and where data is being used.

At Security In Shredding we operate throughout Ireland and frequently do business in areas of Dublin, Galway, Limerick, Cork and Waterford areas.

For a more information on Shredding confidential paper Services & data destruction service, please visit: www.securityinshredding.com

Like, Subscribe to our Twitter: @Securityinshred

The New European Data Protection Legislation

“Cannot be ignored by any business.”

Security In Shredding on site service

At Security In Shredding when shredding confidential documents we must comply by the EU standards. These standards along with the Data Protection Commissioner ensures that our work is done to the highest quality. Security is paramount and failure to comply with these laws can result in a hefty €100,000 fine. These laws also apply to all business that handle sensitive data.

The EU Data Protection Rules that are expected to come into force in 2018 will have an effect on all business and cannot be ignored according to legal experts in the field. The final text was agreed upon in December 2015 after years of negotiations and analysis.

The new regulation is aimed at harmonising the European Data Protection Legislation and reforming the outdated EU directive on Data Protection and replace all inconsistent laws across the European Community.

Even though the digital economy is at the core of this new regulation it is ESSENTIAL to note that physical data is also covered and holds the same fines and penalties which are described below.

One of the most eyebrow raising and awakening points from the new regulation is not only that it gives rise to increased compliance requirements but breaches in compliance are backed with heavy financial penalties which have turned out to be up to 20 million or 4% of annual turnover, whichever is the greater.

The journey to compliance

From the experts here at Security in Shredding; Organisations approach to comply with the GDPR will need to include three key components; These are:

#1) a compliance journey

#2) a transparency framework and

#3) enforcement, sanctions and remedies framework.

The compliance journey requires Organisations to classify the personal data in their possession; complete risk assessments; apply privacy protections into all existing and new business operations; employ and empower dedicated data protection officers; monitor and audit compliance; and document everything they do with data and everything they do to achieve legal compliance. All data stored electronically and physically will have to be managed appropriately. Waste paper will have to be destroyed through certified data processors and not enter general waste streams.

The new transparency framework will mean that Organisations need to redevelop how they engage with external people including all external vendors that process material for them, service such as paper shredding, external invoicing, digital data destruction and marketing will all have to review how they process information and give clear and full information on what is happening to personal data.

The new enforcement, sanctions and remedies framework will give appointed data protection officers high authority to make decisions for the protection of personal data and achieve compliance for their Organisation.

Please visit our site for more information on shredding confidential paper.

Join in on the conversation on Twitter @securityinshred

 

 

Top 5 Workplace Security Tips

secure data, workplace security

Workplace Security does not just mean a simple office shredder. Data Protection comes in many forms and is worth knowing these methods.

Data Protection is an important part of business practice. Paper shredders are often used to shred confidential documents. Your standard office shredder does not provide adequate security when shredding. An Industrial paper shredding service will provide a secure document destruction method for your business to use.

Along with paper shredding, there are many other forms of security you and your business can incorporate into everyday practice. We live in an age where data breaches are becoming more and more common which makes protecting this data ever more important. Digital data is now an area of protection and is often overlooked. These over sights is what cyber criminals will prey on and thus a Data Breach will occur causing severe damage to your business reputation.

 

Tip 1: Outsource your secure and confidential document destruction requirements to a certified professional Data Processor whom is reputable and reliable.

Tip 2: Enquire with your current data destruction provider about their e-media services. Hard drives and other types of media should either be shredded or crushed to ensure all the electronic data is securely destroyed and beyond reconstruction. If your service provider does not provide same, contact a member of our team whom are more than happy to help with your enquiry.

Tip 3: Choose a Service Provider that uses secure certified document destruction technologies, lockable consoles and/or locked 240 Litre wheelie bins, issue Data Processing Certificates and operate with a secure chain of custody.

Tip 4: Appoint a Data Compliance Officer in your Organisation whom is responsible for ensuring compliance regarding the correct management of both paper data and digital data within an organisation.

Tip 5: Conduct regular staff refresher training days regarding the importance of information security and the processes associated with same. Have training material prepared and on hand for induction training when new employees begin.

 

For more information on paper shredding and confidential document destruction in Ireland please visit: www.securityinshredding.com

Data Processors And Data Commissioner

Data Protection Commissioner

Mobile Paper shredding throughout Ireland and the companies that provide confidential document destruction are governed by Data Protection laws and the Data Protection commissioner. This can be broken down into two parts.

Data Processors

Security in Shredding are registered Data Processors with the Data Protection Commissioners Office. So what is a Data Processor one may ask; a Data Processor is a company, organisation or person who processes data on behalf of a Data Controller. “This does not include employees who process data in the course of their employment.”

“Cloud providers are also generally Data Processors.”

“It is possible for one company or person to be both a data controller and a data processor, in respect of distinct sets of personal data. For example, a payroll company would be the data controller in respect of the data about its own staff, but would be the data processor in respect of the staff payroll data it is processing for its client companies.”

“A data processor is distinct from the data controller for whom they are processing the personal data. An employee of a data controller, or a section or unit within a company which is processing personal data for the company as a whole, is not a “data processor.” However, someone who is not employed by the data controller, but is contracted to provide a particular data processing service (such as a Security in Shredding providing and conducting a confidential secure data destruction service) would be a data processor.

Responsibilities of data processors

The Data Processor must only process personal data on the instructions of the Data Controller, for example, the Client (the Data Controller) schedules an on-site service delivery where by Security in Shredding (the Data Processor) arrives on-site to conduct on-site shredding of the clearly identified material for destruction. The responsibilities concern the necessity to keep personal data secure from unauthorised access, disclosure, or destruction unless confirmation is received prior to doing so.

“In addition all data processors, whose business consists wholly or partly in processing personal data on behalf of data controllers who are required to register, are also required to register with the Data Protection Commissioner as a data processor.”

For further information about Data Processors please click on any of the following website addresses;

www.securityinshredding.com

www.dataprotection.ie

www.aurthercox.com

Also available in the Limerick area and please visit:

www.securityinshredding.com/limerick-shredding-services.php