Tag Archives: Data Protection

6 Methods To Increase Security In the Office

Posted on by
Reply

irish data breaches, Data Protection, Paper Shredding, Data Destruction

Security In Shredding provide industrial paper shredding and secure document shredding services throughout Limerick, Dublin, Galway, Cork and Waterford areas. We strive for proper and secure service and ensure data security for your business.

Security is paramount to a business and to a business that possesses client data. Any client data weather its sensitive or not must be protected by you. There are a number of ways for a person could breach a businesses security. Knowing these potential breaches and setting up preventative and deterrent methods throughout your business will benefit you and your business. If customers are aware that a businesses data protection is not secure will be harmful to for your business.

Below are a number of methods to help you improve your security for small businesses.

1.    Equipment needed for the size of the office

Choose the equipment based on the type of office you have. Is the space rented? then you may need to use a system that does not interfere with walls and structure. An open office space would require less equipment as it can monitor a greater area. Before choosing a security plan assess the area you are in before committing.

2.    Decide how many cameras you need

Deciding on the number of cameras should also be considered. Do you want to cover all the office or important areas such as supply or equipment rooms. If you are getting them installed professionally, get a consultation before installation.

3.    The type of camera needed

Cameras come in various shapes and sizes. Do you want a camera to rotate to cover a greater area. A disguised or concealed camera to better fit your space. A camera with night vision can also be used.

4.    Additional Sensors

Along with cameras you could also use motion sensors. These are often more discreet and harder to spot in a room. Magnetic sensors are also easy to conceal and a simple and effective security sensor. Consulting with a professional will give you the best process to adopt for your office space.

5.    Mobile Alert System

An alert system is important for the business and setting up the right alert system for the office. Take into account how busy the office is. Are there people in the office after hours needs to be considered to avoid alert spamming. Any reputable security system will have an alert system available on your mobile device.

6.    A Reputable Provider

Research various security installation firms. Find a plan that suits your companies needs and be aware of added costs. Enquire about scalable contracts if you choose to expand your office. Security firms must abide by standards and processes to be recognised as a security firm.

A reputable shredding service also provides added security for your business. Fore more information on a shredding service please visit: https://www.securityinshredding.com/

 

Paper Shredding Dublin (Data Processing Service)

Posted on by
Reply

Data Destruction (Dublin Area)

Shredding documents In Dublin as part of industrial paper shredding method for your business is now must be implemented under the data protection act.

All businesses are and if not they should be aware of their responsibility to segregate and dispose of their general waste and recycling. These rules have been established under the Irish Waste Management Act 2001 which can be viewed at; https://www.environ.ie/en/Environment/Waste/WasteMgmtActs/.

Within this Act it is essential for all Organisations to use a waste processing firm that is reputable and has the required certifications from their relevant County Council and in turn the client has full traceability of their waste materials.

When dealing with sensitive paper data that has reached its end of life hiring any Dublin paper shredding service may not be sufficient and may not achieve full compliance. Cost should never be the determining factor when hiring a Dublin document shredding service, the cheapest may not achieve compliance and it is compliance that is required by Organisations to achieve in order to protect their data and their public image.

As detailed above waste recyclers are also known as material processors, similarly companies that offer data destruction services are not only waste processors but they are Data Processors. It is this title of “Data Processor” that drastically differentiates a recycling firm from a Data Processing Firm. It is The Data Protection Acts that recognise Data Processors and Data Controllers and if a data breach occurred and it was found that for example the Dublin paper shredding firm was not a data processing firm they may argue that the Data Protection Acts do not apply to them as they were simply processing material not data. It is important for all Organisation to be aware of this point as they may be receiving a Dublin materials shredding service at a more attractive cost however, they are not receiving a fully compliance and data protecting service. The following applies to many industries and services; “The cheapest is not always the best”.

 

Questions to ensure that your Dublin Paper shredding vendor is a Data Processor;

  • Is your Organisation a member of an Industry Representation Body in Ireland?

Required Ans;  Yes

 

  • Does your Dublin Document Shredding Company process various recyclable material on the same site as the paper shredding?

Required Ans;  No

 

  • Does your Dublin Paper Shredding Company ship various material to the recycling market other than data carrying materials (e.g. Cardboard, plastics)?

Required Ans;  No

 

  • Is your Company Certified from an Independent Body in Ireland for European Security Standard EN 15713 and not “Self-Certified”?

Required Ans;  Yes, we are certified by an independent body in Ireland.

 

  • Is your Dublin Paper Shredding Company listed on The Data Protection Commissioner’s Public Register of Data Processors? Can you give me your reference No.?

Required Ans;  Yes, we are and you can see us on the list if you visit www.dataprotection.ie  

 

  • Do you use Data Processing Agreements?

Required Ans;  Yes

Methods Aimed To Prevent A Data Breach Within An Organisation

Posted on by
Reply

secure data, data security, document destruction

Along with a onsite paper destruction service, businesses on-line and electronic data can be vulnerable to a data breach if not adequately protected.

A data breach can occur from a small genuine mistake to a significant planned breach. In this article we will discuss methods any Organisation can take to help prevent a data breach occurring and in turn minimise the risks of experiencing negative public image and damaging press.

  • Training: All employees that handle sensitive documents and/or have control over/access to sensitive digital data should be trained appropriately. All employees should be made aware of the applicable Data Protection Act principles both at an Irish level and a European Level.  External obligation through legislation is important for all employees to be informed of however internal policies must be drawn up and communicated to all staff members.
  • Risk Assessment: All Organisations should conduct a risk assessment of their IT systems which in turn will help them to identify security threats and improve upon potential weaknesses.
  • Penetration Protection: Up to date anti malware software should be used to detect potential damaging malware on employee work devices. Periodic reviews should be complete to ensure that firewalls will defend against malware.
  • Encryption: All data inclusive of static data on external storage devices and data in motion which is data being sent between two separate devices should be encrypted. Encryption If information or devices are stolen; thieves will not be able to access the sensitive information.
  • Monitoring: We advise that employees should physically protect both electronic devices and paper records in their possession that contains sensitive data. While a Clean Desk Policy can help, it is sometimes difficult for an Organisation to ensure that employees keep their desk clean.
  • Control Access: Different members of an Organisation will need to access sensitive information at different times. Employees at each level should only have access to information that is relevant and required to their job. A secure ID system should be implemented within your Organisation that will only allow specific employees access to specific information whether it be on a device or on a paper record.

Physical Safeguards: Limit physical access to facilities where Company IT is housed. All hard drives and e-media should be securely destroyed in line with EN 15713 through a Data Processing firm when they are being replaced and/or updated. All organisation should partner with a document destruction expert that provides secure onsite paper shredding Dublin and secure offsite paper shredding Dublin. These data processing firms should have the capability to securely destroy both physical data held in paper format and digital data held on old hard-drives and data cartridges.

For more information please Email us : info@securityinshredding.com

Minister says Data Protection Commissioner is independent

Posted on by
Reply

Data Protection CommissionerRTE News 28th January 2016

The Minister for European Affairs and Data Protection has defended the Office of the Data Protection Commissioner, saying it is completely independent of government.

Minister Dara Murphy was responding to the news that Digital Rights Ireland is to take legal action against the Government, challenging whether the office is truly an independent data authority under EU law.

DRI says a series of judgments from the EU’s top court have stressed the critical importance of a truly independent data protection authority.

However, DRI says it will claim in court that Ireland has failed to properly implement EU data protection law or follow the requirements of the Charter of Fundamental Rights by failing to ensure the Irish ODPC is genuinely independent from government.

Speaking to RTÉ News, Mr Murphy said he was aware of the impending case, but said it would be up to the courts to decide.

He added that the ODPC and its functions are completely independent of government.

He acknowledged that the ODPC is government funded, but said apart from that it is like many other agencies in the state that are independent of government.

Mr Murphy also defended the public sector’s attitude to data protection, following criticism earlier today from Data Protection Commissioner, Helen Dixon.

The minister said improvements in compliance with data protection rules are needed across society including Government departments and the public sector generally.

But he said the new European General Data Protection Regulation will change and strengthen data protection rules.

He added he had recently brought local authorities and semi-state companies together to impress upon them the strong obligations they have in this area.

He said public bodies are engaging, although that doesn’t mean there is not more work to be done in the area.

On the controversy around the Garda Síochána Ombudsman Commission’s accessing of journalists phone records, Mr Murphy said the Minister for Justice was right to commission an investigation into it, as it is absolutely essential that citizens have confidence in any state agency that processes or handles their data.

Commissioner critical of compliance levels

Earlier, Ms Dixon criticised the level of compliance with data protection laws in the public sector.

Ms Dixon released a statement setting out priorities for data protection rights and protocol in 2016 to mark the tenth annual Data Protection Day.

In particular, she has called for improvements to the legislative process to ensure greater deliberation and scrutiny of issues that interfere with the fundamental right to data protection.

The commissioner acknowledged data protection is not an absolute right and in certain circumstances, must yield to other competing rights.

However, she also stated that if a public body is going to interfere with data protection rights, it must generally be provided for by law, be proportionate, necessary and made in the general interest or need to protect others rights.

Ms Dixon concludes that consideration must be given to all of these matters when drafting legislation.

 

Her pointed comments come as her office prepares to begin an audit of contentious powers used by several public bodies, including An Garda Síochána and GSOC, to access telephone records and other electronic messages.

What is the European Commission’s New Data Protection Framework proposal?

Posted on by
Reply

The European Commission announced a proposed reform to The European Union’s Data Protection Framework On the 25th of January 2012. You can read the full press release here. 

EU Data Protection, Secure Paper Shredding, Data Processor Firm

EU Data Protection

Within the announcement The Commission stated that the current framework – known as the 19995 EU Data Protection Directive is outdated. The main reasons for the framework to be outdated are due to rapid technology change and globalisation. These points are important to consider when deciding upon the best option to securely destroy your sensitive paper data through a confidential paper shredding service. Whether the service will be an onsite paper shredding service or an on-demand offsite paper shredding service it is important to ensure that your paper shredding company is a Data processor. You can see the list of registered Irish data processing firms here.

The new Data Protection framework will be a regulation which means all member states will have to abide by the rules. The rules will go into effect two years after they have been adopted by the member countries which is expected to be in 2018-2019.

Security in Shredding Team.

Paper Shredding Dublin

Posted on by
Reply

This brief blog article will focus upon the topic of Paper Shredding Dublin and will share some insight into unacceptable high risk practices with some links to helpful guidance websites to help with the decision making when establishing a document shredding protocol and digital data destruction protocol within your Organisation and households in Ireland.

Data Protection and the ethical procedures for the disposal of end of life data is essential for all in today’s ever evolving data world. Hard-Drives, CD’s, Data Cartridges and Paper files are the main methods for experiencing a damaging and painful data breach.

Protecting your Physical Data and in turn your Personal Identity is vital for all today and a data destruction Dublin service is the most suitable and compliant method for Organisations operating in Ireland and us the Irish citizens to Confidential Shredding, Data Protection, Data Protection FInes, Data protection Penalties, Secure Shredding, Data Destrcution, Complianceassert the protection of our information.

 

High risk practices;

 

  1. Following the guidance of other Organisations both in the Private Sector and Public Sector;

With the advances in data reconstruction technology, increasing levels of data crime, extreme forces for lower costs in addition to contradicting and mind boggling information, simply looking at an alternative Organisation (Private &/or Public) to mimic their procedures and practices is not an appropriate method to establish your own data procedures and practices for managing sensitive paper documents. As we in Ireland are a member of The European Union we are subject to European Legislation in addition to Irish Data Protection Legislation. This point also raises the level of risk of data protection when looking at other Organisations as there have been many different views upon the legislation and the application of it in our Country.

During the Thanks Giving period in The US an extremely serious Data Breach occurred where paper documents containing personal information were found dumped in a recycling centre. These documents were traced back to a hospital which may now be in line to face serious fines and penalties. The affected parties were contacting and apologies were given on behalf of the hospital.

In November of 2015 in our own home Country of Ireland we have seen a data breach occur in one of our Hospitals which in turn personal patient records were found in a recycling bin on the street outside the Hospital.

I want to highlight these two examples as it is important to note that the protection of personal data is a global issue and it is not to be underestimated. These examples also highlight that Companies in the Dublin Region that wish to establish a Dublin Paper Shredding Service and look for guidance from Organisations either in the Private or Public Sectors may lead to data breaches which in turn may lead to negligence penalty enforcement’s. Independent research from reputable information sources that has the protection of personal sensitive data as their number one concern is the most appropriate method for establishing your data protection procedures.

 

2. Allowing you Waste Management firm to manage your end of life personal sensitive data;

This point is of serious concern for all Organisations and citizens of Ireland to ensure the protection of their personal sensitive paper data. This article is not to negatively market waste operating firms as many of them do an amazing and admirable job at protecting our environment, producing waste fuel for export to incinerators, collecting household waste, running recycling centers, separating and segregating waste materials and selling waste commodities to the recycling industry for maximum revenues not to mention the hundreds of people that are employed through waste operators, they truly are appreciated.            When it comes to personal sensitive data and the appropriate disposal of that data there are specialist firms within the market that are subject to additional standards, certifications and best practices which may not be the case for many waste operators who do not have confidential shredding as their primary business case. There is also an industry representative body for these professional specialist firms to ensure industry best practices. If you are specialist data destruction firm (Paper Shredding Firm) you are a Data Processor and recognised as a data processor under legislation. When you are a data processor you are subject to additional legislation from both Ireland and Europe and you are accountable for breaches of the legislation.                       If you are a waste operator managing waste services you may not be recognised as a data processor but as a materials processor. With this point, if a data breach occurs the Data Processor liability under data protection legislation may not be valid and there may not be accountability in the case of your data breach.

3. Empowering staff with the responsibility to destroy your end of life data;

When deciding whether or not to give staff the responsibility of destroying their end of life data or hiring in temporary or work experience staff it is important to take into account the following factors

  1. Have you provided adequate training for staff
  2. Have you included their responsibilities in their employment contracts
  3. Have you received an audit trail for your material
  4. Do you have proof of destruction
  5. Do you have proof of recycling
  6. Have you destroyed the data to the appropriate shred size
  7. Have you completed a cost benefit analysis on the activity
  8. Are staff being taken away from other activities
  9. Have you singed confidentiality agreements
  10. Have you conducted background checks upon staff

The risks when destroying data outweigh the benefits of completing the process in-house. When dealing with risk it is impossible to eliminate the risk however it is possible to minimise the risk levels and with this in mind it is important to look for a professional specialist shredding firms to manage your destruction requirements and ensure compliance to save you from possible data breaches.

 

If you require any further information to better help equip yourself from experiencing a damaging data breach please do not hesitate to contact the Security in Shredding Team for friendly helpful guidance with no obligations. You may also want to visit the following sites;

  1. https://www.securityinshredding.com/contact-us.php
  2. https://www.dataprotection.ie/viewdoc.asp?DocID=4
  3. https://www.dataprotection.ie/viewdoc.asp?fn=/documents/register/display.asp?ID=14124%2FA
  4. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/guidance/Guide_Data_Contollers.htm&CatID=90&m=y
  5. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/responsibilities/3bi.htm&CatID=53&m=y
  6. https://www.isia.ie/all-security-mobile-shredding
  7. https://www.din.de/en/getting-involved/standards-committees/nam/european-committees/wdc-beuth:din21:113162714

Minister Alan Kelly endorses Free Confidential Shredding Event to celebrate Data Protection Day 28th January 2015

Posted on by
Reply

Data Protection Day 2015

So, it’s 2015 and many of us will have made a New Year’s Resolution to organise our paperwork and get rid of documents, old bills and other correspondence. It’s a task most of us dread let alone the stress and worry of how to securely dispose of this material– However help is at hand at two locations in Waterford and Limerick to mark Data Protection Day on January 28th 2015.

Minister for Environment – Alan Kelly supports Security in Shredding in celebrating Data Protection Day whom are offering A Free…. Yes FREE on-site shredding service for householders and SME’s on January 28th, in conjunction with the Southern Region Waste Management Office, Limerick City and County Council and Waterford City and County Council Authorities. The event will encourage data protection and the best practices in addition to waste segregation and the appropriate, safe and secure methods of disposing paper waste.

Householders & small businesses across the region are encouraged to bring along documents to the designated locations and avoid the financial, mental and emotional loss associated with identity theft on Data Protection Day. By participating in this event you would be beginning 2015 with organized and clutter free filing cabinets, office space, creating a clean and positive working environment as well as the piece of mind that your documents are being handled securely minimising the risk of identity theft and data breaches that are caused by documents being exposed.

} In 2013 the Data Protection Commissioner for Ireland received 1,507 data breach notifications – 25 times the number reported in 2009.

 

These events are taking place at the Mungret Recycling Centre Limerick and the Kilbarry Civic Amenity Site, Waterford between 11am and 3.30pm on January 28th. All materials will be shredded on-site, eliminating risks, 100% of shredded material is recycled.

Those who avail of the event and wish to put their names into a free draw on the day will be in with a chance of winning a one night stay B&B in the Commons Inn Hotel at the Mungret Recycling Centre draw and a one night stay B&B in the South Court Hotel at the Kilbarry CAS draw. So drop in on the 28th of January and make use of this FREE CONFIDENTIAL SHREDDING EVENT. Two refuse sacks per person.

“The Security of the Cloud …”

Posted on by
Reply

iCloud security wake-up call

 

As a result from the security issues surrounding iCloud, “The general move to cloud services is going to suffer..” “In the wake of a leak at the start of the month, Apple added new security measures to its iCloud service. Apple was late to the game with two-factor authentication, but most of these (celebrity) images were likely hacked before it brought in that update”, Conor Flynn stated to the Sunday Business Post. “These leaks should act as a wake-up call to Irish smart-phone users to keep account of where their data is being stored, according to Michael Conway – director of Renaissance”.

If the public was better educated about the methods and locations for storage of their data, it would minimise the risk to the user. “People share information so-freely in social media circles, the logical step is just saving that information in the cloud”.

According to the Sunday Business Post, the simple solution is to encrypt your files before saving to a cloud service because even if that cloud provider is compromised, your files are useless to anyone who gets them without the encryption key.

New Data Protection Commissioner

Posted on by
Reply

new data protection commissioner
We welcome Ms. Helen Dixon in to the Data Protection Sector and wish her success in her important new role. Ms. Dixon is taking over from Mr. Billy Hawkes whom has retired from his position as privacy chief since 2005.
Ms. Dixon has served an 11 year career in two US IT multinationals – Worth Data Inc and Citrix Systems – that had their EMEA bases in Ireland.
“The role of the office of the Data Protection Commissioner as an independent body which has responsibility for safeguarding data in Ireland is of critical importance.”
In a statement, a Government spokesman said Ms Dixon brings “a wealth of experience and expertise to her new role, both in the public and private sectors”.
We would like to wish Ms. Helen Dixon all the best in her new role and hope she has a successful career.
We would also like to wish Mr. Billy Hawkes well with his future endeavours.

Why Media Destruction Of Digital Devices Is Necessary

Posted on by
Reply

confidential electronic-destruction

At Security In Shredding paper shredding services provide excellent data security. Digital and electronic devices should be treated with the same manner regarding data security. Again a sure fire method of this is physically destroying these devices once they are no longer needed.

Digital Data & Devices

Electronic Data and Electronic Devices have grown rapidly within the Business Environment which in turn has resulted in new data protection regulations being implemented and continuous security measures being improved within organisations. Due to the required high volume of Technology being utilised within Business today in addition to the level of data being gathered there has been true improvements achieved however, there are also serious problems.

At the top of this list is the significant topic of appropriately disposing & recycling the obsolete and end of life devices while protecting the personal data within the given device as organisations are obligated to do through Data Protection Legislation.

So how can an organisation be certain that their data is protected as they dispose of their devices and media that they no longer need or are no longer required to be retained for compliance purposes?

By sourcing experienced professional data (Paper, Media, and Textiles etc.) destruction companies to destruct electronic media an organisation receives many significant benefits.

Benefits such as:

  • Organisations ensure compliance with The European Data Protection Directive
  • Peace of mind that all data within the organisations electronic media is destroyed and non-recoverable.
  • Mitigates the risk of unauthorised use of the organisations sensitive information stored on electronic media.
  • The security of receiving audit ready fully traceable documentation and certification
  • Overall improved efficiency by outsourcing the destruction service to a professional company. Many organisations attempt to conduct the destruction of sensitive material in-house. This has proven in historic circumstances to be time consuming, unsecured, unreliable, untraceable and troublesome for many organisations.
  • Reduced risk of inadvertent disclosure through top level security and experienced safeguards throughout the shredding process whether it is onsite or offsite.

In addition to hard-drive and media storage devices it is essential for clients to be fully aware of the true detrimental risks attached to IT Assets and the disposal/Recycling of them. Today many electronic devices store data within an organisation.

Devices within offices such as:

  • Computer Hard-drives
  • Laptop Hard-drives
  • Printers and Scanners with internal hard-drives
  • Mobile Phones
  • Fax machines
  • Mobiles Phones
  • Servers
  • Other IT assets & office equipment

These all possess a serious risk to an organisation during the disposal/recycling process. With this in mind professional data destruction companies such as Security in Shredding provide IT Asset Disposition services to help organisations to destroy and recycle IT equipment through reliable, experienced, environmentally friendly and best practised methods and services.

For more information on our media destruction service, please visit our page and contact a member of our team if you have any enquiries.

Email us at: info@securityinshredding.com