Tag Archives: EN 15713

Protecting Personal and Work Devices

Posted on by
Reply

secure data

All electronic devices can potentially suffer from Data Breaches if not protected correctly. The breach can be in violation of Data Protection laws if the Data Protection Commissioner is not informed. Secure document destruction is an important part of business and organisation incorporate.

A recent event involving a personal computer used in a federal building that contained details of child support accounts, and social security details and other hard drives that may have contained user details.

A US watchdog wrote an open letter to the federal government asking why staff member was able to use a personal device to access these details, given that it violates the security policy. The letter continues and mentions other Data Breaches in government buildings and the lack of Data Protection.

Situations like this increasingly more common and not just government buildings. Bank account details have being breached. Online accounts to various sites have being breached and this happens on a global scale. You will hear that the breach occurred because someone left a device behind them. Be it the seat of a train home from work, a USB key dropped in a cafe.

The human error of forgetting something is not the problem (we all forget things from time to time), but the issue is the data contained on these devices and the lack of protection in place especially devices with sensitive data.

Company Policy

It is worth knowing your company polices on weather or not personal devices are allowed to conduct business actions. Also if using company devices weather or not you can use personal applications on them. It is important to know this. We live in a time of technology and information being widely available and with the increased usage there is also the potential of breaches.

How these breaches occur will can vary but there are common factors and technology is written with a universal language.

  • Ask your IT specialist on what to look out for when using the device
  • Research good practices online
  • Enalble location of device if appliable in case it is misplaced.
  • Encrypt devices where possible including mobile devices and USB keys
  • Be aware of what information is stored on a device (paper or electronic) and the potential breach that could occur if misplaced.

A confidential shredding service will also improve your Data Security and provide you with methods for protecting your device. Please visit our site for more information:

https://www.securityinshredding.com/

When To Disclose A Data Breach

Posted on by
Reply

iCloud security wake-up call, data brach

Secure document destruction methods must be in place to comply with Data Protection laws. A confidential document destruction service will benefit your business and its Data Protection.

Technology has brought us accessibility to a global market and small businesses have benefited greatly from this boom in technology. With a greater number of devices connected to an online service has also meant that a increase in the number of cyber attacks. Small businesses in particular are now being targeted.

A report from the Wall Street Journal has shown that small law firms are targeted the most due to the potential high profile client base they may have. That being said law firms do not usually hold social security information and the information obtained by hackers may not be beneficial to them.

Under American law, law firms are required to inform the public that a breach has occurred.

Data Protection Commissioner

Under Irish law the Data Protection commissioner has Data Breach guidelines for you and your business to follow. If a breach occurs it is paramount that the matter is dealt with swiftly to minimise damage. Data Protection Commissioner data breach guidelines can be found at the link below.

https://www.dataprotection.ie/docs/Data-Breach-Handling/901.htm

The document informs you on what steps to take if a breach has occurred. With this guide you can easily follow the steps needed to take and the information to provide when informing the Data Protection commissioner.

“Failure to comply with these obligations can result in a criminal prosecution with fines up to €5,000 indictment €250,000 per offence.” 

The document also state “Prevention is better than cure.” Setting up company policies and practices for handling of sensitive data should be implemented immediately. A reputable Shredding Service will also improve Data Security within your company. A shredding service will be able to provide an onsite shredding service. Confidential shredding is paramount to shredding services.

A reputable shredding service will comply with the protocols provided by the Data Protection Commissioner. It is a governing body to help protect your personal data and the data of others.

Please visit our site for more information on a Confidential Shredding Service:

https://www.securityinshredding.com/

Full Article Wall Street Journal Report:

https://blogs.wsj.com/law/2016/03/30/when-do-law-firms-have-to-disclose-data-breaches/ 

 

American college (TCC) affected by data breach

Posted on by
Reply

Security in Shredding Data protection & destruction

Onsite paper destruction and or offsite paper destruction are services provided with shredding companies in Ireland. “Shredding Paper Ireland” will provide you with a decent result when researching for an industrial paper shredding service.

In a recent story involving an American college in Virginia were subject to a data breach involving staff and their names and social security details. 15 of the college employees who had submitted their tax returns to the IRS (American version of Revenue Office) were later told that their tax had already being done using their social security number.

Approximately 3192 employees in the Virginia college system may have being effected by the breach. It appears the details of the leaked data containing the names and social security numbers may have being sent to a fake account from the college.

While this happened in America the method as to how it happened remains the same. A false account was created to look like an official college page. The page will have asked the user to enter in or provide specific data. These scams will prey on human error or uneducated person to transfer this data.

How to protect yourself from these attacks

If you feel your business has being subject to one of these attacks here are a number of things to look out for. If you use a regular paid service whatever the format, these services will have your name on record and will be able to display it on emails and documents.

  • “Dear Customer” can be an indication of something off. A reputable service will easily be able to display your name here instead of customer.
  • Asking you to click a link from the email itself rather than going through the official website of the service provider to pay for services.
  • Do not click on links you are uncertain of going through the service provider site itself is a good practice.
  • Asking for specific details is also a sign of malicious intent. Reputable sites do not ask for this information as information such as passwords are NOT known by the service provider as these are encrypted and only known by you.

What To Do If Breach Occurs

  • Alert the service provider that a breach has occurred
  • Alert relevant authorities such as banks, revenue office so they know to monitor irregular transactions.
  • Inform employees to change passwords to the relevant accounts
  • Inform customers that may have had their data accessed
  • Sooner the better you alert the authorities the quicker and less damaging the data breach will be

The full article involving the TTC can be read here:

https://www.13newsnow.com/news/local/mycity/virginia-beach/tcc-100-employees-affected-by-data-breach/110309810

For more information on data security please
 visit:

https://www.securityinshredding.com/shredding-benefits.php

The Future Of Data Security

Posted on by
Reply

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

Document shredding service are a vital part of Data Protection. Shredding services in Ireland when a clear out shredding is needed. Offsite shredding services can be incorporated into everyday business to comply with Data Protection laws and improving Data Security.

Siliconrepublic an Irish based article site recently posted an interesting article regarding the future of Data security. Data Security is now more than ever vital for businesses to succeed. Technology has continuously improved and grown over the past number of years. The devices used has greatly helped smaller businesses compete with larger companies. With all this growth in technology aspects of the technology have being lost or information about it has become confusing and conflicting.

Data Security with technology will always be a continuous process. Between encryption, mobile devices and cyber warfare means that there will be no end to this process. Security experts can only protect against known breaches. Hackers have a small window of opportunity to work with.

Data Security Small Business

What does this mean for your business. For one, hiring a confidential shredding service that is also reputable and recognised by governing bodies. A shredding service must comply with Data Protection laws. A shredding service implemented within your business will ensure that you are protecting your data and improving data security.

Data Security is more than just electronic devices and digital data. Paper also contains data. Sensitive data in particular must be accessed and handled correctly. Who has access to this data and how this data is destroyed when no longer in use. A shredding service will handle these documents and devices and destroy them in a confidential and secure manor. ISO 9001:2008 is a good mark to look out for before hiring a shredding service for your business.

This type of data is what hackers and criminals try to achieve and will prey on human error to obtain this data. Dumpster diving will occur and if your documents are not shredded or only used a simple office shredder will not securely destroy data. Digital data can be accessed easily if the data is not encrypted or has not being wiped correctly. USB keys should be kept securely in your possession if they contain data. When shredding ask for the DIN level of shredding required to ensure secure data destruction.

Awareness to these methods is paramount to the success of your business and Data Security. If a data breach occurs then your business can be liable and receive a hefy penalty.

Read the full article here:

https://www.siliconrepublic.com/enterprise/2016/03/24/cybersecurity-future-of-security-hackers

Details for a confdential shredding service please visit:

https://www.securityinshredding.com/

Data Protection Ireland Today

Posted on by
Reply

Data proccesser and data commissioner

Secure document destruction in Ireland can come in the form of an onsite paper shredding service or an off site paper shredding service. Data comes in many forms and The Data protection Act is in place to ensure that this data is protected.

Data Protection is a vital for a business to succeed and remain in business. If customers or users know that your service does not protect your data. It will be a massive loss to business and business reputation. Your business can suffer from a severe penalty for not protecting your data.

An interesting article written by Colm Gorey titled “3 issues defining data protection in Ireland today  The issues discussed are relevant to today’s business. The 3 topics discussed were:

  1. ISO 27018: Cloud computing privacy standard – one year on

  2. Personal data and your right to access it — Ireland vs the UK

  3. Challenges to data protection under the internet of things

The first point talks about the governing of personal data through cloud based systems. Standards have being created to ensure the protection of data and were received well by Data Security experts. The ISO 27018 standard can be read here. Cloud computing has become a major asset to business functionality and knowing what cloud based systems are doing with your data should be investigated and researched when changes if any occur.

The second point refers to Irish and English law. Although both countries have similarities the law for each country does vary and in particular with personal data and access to it. Your business must abide by the rules in place of the country it is based in. A good example of how country laws differ can be read at this link.

Awards of Damages for Data Protection Breaches – UK and Irish Approaches Contrasted

Thirdly the internet of things (IOT) refers to the general use of internet and internet services. Governments and official bodies are trying to develop ideas or frameworks that will regulate the internet of things. What has happened is the EU 28 data protection bodies.

for more information on data protection and a confidential shredding service please visit: https://www.securityinshredding.com/

 

 

Minister says Data Protection Commissioner is independent

Posted on by
Reply

Data Protection CommissionerRTE News 28th January 2016

The Minister for European Affairs and Data Protection has defended the Office of the Data Protection Commissioner, saying it is completely independent of government.

Minister Dara Murphy was responding to the news that Digital Rights Ireland is to take legal action against the Government, challenging whether the office is truly an independent data authority under EU law.

DRI says a series of judgments from the EU’s top court have stressed the critical importance of a truly independent data protection authority.

However, DRI says it will claim in court that Ireland has failed to properly implement EU data protection law or follow the requirements of the Charter of Fundamental Rights by failing to ensure the Irish ODPC is genuinely independent from government.

Speaking to RTÉ News, Mr Murphy said he was aware of the impending case, but said it would be up to the courts to decide.

He added that the ODPC and its functions are completely independent of government.

He acknowledged that the ODPC is government funded, but said apart from that it is like many other agencies in the state that are independent of government.

Mr Murphy also defended the public sector’s attitude to data protection, following criticism earlier today from Data Protection Commissioner, Helen Dixon.

The minister said improvements in compliance with data protection rules are needed across society including Government departments and the public sector generally.

But he said the new European General Data Protection Regulation will change and strengthen data protection rules.

He added he had recently brought local authorities and semi-state companies together to impress upon them the strong obligations they have in this area.

He said public bodies are engaging, although that doesn’t mean there is not more work to be done in the area.

On the controversy around the Garda Síochána Ombudsman Commission’s accessing of journalists phone records, Mr Murphy said the Minister for Justice was right to commission an investigation into it, as it is absolutely essential that citizens have confidence in any state agency that processes or handles their data.

Commissioner critical of compliance levels

Earlier, Ms Dixon criticised the level of compliance with data protection laws in the public sector.

Ms Dixon released a statement setting out priorities for data protection rights and protocol in 2016 to mark the tenth annual Data Protection Day.

In particular, she has called for improvements to the legislative process to ensure greater deliberation and scrutiny of issues that interfere with the fundamental right to data protection.

The commissioner acknowledged data protection is not an absolute right and in certain circumstances, must yield to other competing rights.

However, she also stated that if a public body is going to interfere with data protection rights, it must generally be provided for by law, be proportionate, necessary and made in the general interest or need to protect others rights.

Ms Dixon concludes that consideration must be given to all of these matters when drafting legislation.

 

Her pointed comments come as her office prepares to begin an audit of contentious powers used by several public bodies, including An Garda Síochána and GSOC, to access telephone records and other electronic messages.

Paper Shredding Dublin

Posted on by
Reply

This brief blog article will focus upon the topic of Paper Shredding Dublin and will share some insight into unacceptable high risk practices with some links to helpful guidance websites to help with the decision making when establishing a document shredding protocol and digital data destruction protocol within your Organisation and households in Ireland.

Data Protection and the ethical procedures for the disposal of end of life data is essential for all in today’s ever evolving data world. Hard-Drives, CD’s, Data Cartridges and Paper files are the main methods for experiencing a damaging and painful data breach.

Protecting your Physical Data and in turn your Personal Identity is vital for all today and a data destruction Dublin service is the most suitable and compliant method for Organisations operating in Ireland and us the Irish citizens to Confidential Shredding, Data Protection, Data Protection FInes, Data protection Penalties, Secure Shredding, Data Destrcution, Complianceassert the protection of our information.

 

High risk practices;

 

  1. Following the guidance of other Organisations both in the Private Sector and Public Sector;

With the advances in data reconstruction technology, increasing levels of data crime, extreme forces for lower costs in addition to contradicting and mind boggling information, simply looking at an alternative Organisation (Private &/or Public) to mimic their procedures and practices is not an appropriate method to establish your own data procedures and practices for managing sensitive paper documents. As we in Ireland are a member of The European Union we are subject to European Legislation in addition to Irish Data Protection Legislation. This point also raises the level of risk of data protection when looking at other Organisations as there have been many different views upon the legislation and the application of it in our Country.

During the Thanks Giving period in The US an extremely serious Data Breach occurred where paper documents containing personal information were found dumped in a recycling centre. These documents were traced back to a hospital which may now be in line to face serious fines and penalties. The affected parties were contacting and apologies were given on behalf of the hospital.

In November of 2015 in our own home Country of Ireland we have seen a data breach occur in one of our Hospitals which in turn personal patient records were found in a recycling bin on the street outside the Hospital.

I want to highlight these two examples as it is important to note that the protection of personal data is a global issue and it is not to be underestimated. These examples also highlight that Companies in the Dublin Region that wish to establish a Dublin Paper Shredding Service and look for guidance from Organisations either in the Private or Public Sectors may lead to data breaches which in turn may lead to negligence penalty enforcement’s. Independent research from reputable information sources that has the protection of personal sensitive data as their number one concern is the most appropriate method for establishing your data protection procedures.

 

2. Allowing you Waste Management firm to manage your end of life personal sensitive data;

This point is of serious concern for all Organisations and citizens of Ireland to ensure the protection of their personal sensitive paper data. This article is not to negatively market waste operating firms as many of them do an amazing and admirable job at protecting our environment, producing waste fuel for export to incinerators, collecting household waste, running recycling centers, separating and segregating waste materials and selling waste commodities to the recycling industry for maximum revenues not to mention the hundreds of people that are employed through waste operators, they truly are appreciated.            When it comes to personal sensitive data and the appropriate disposal of that data there are specialist firms within the market that are subject to additional standards, certifications and best practices which may not be the case for many waste operators who do not have confidential shredding as their primary business case. There is also an industry representative body for these professional specialist firms to ensure industry best practices. If you are specialist data destruction firm (Paper Shredding Firm) you are a Data Processor and recognised as a data processor under legislation. When you are a data processor you are subject to additional legislation from both Ireland and Europe and you are accountable for breaches of the legislation.                       If you are a waste operator managing waste services you may not be recognised as a data processor but as a materials processor. With this point, if a data breach occurs the Data Processor liability under data protection legislation may not be valid and there may not be accountability in the case of your data breach.

3. Empowering staff with the responsibility to destroy your end of life data;

When deciding whether or not to give staff the responsibility of destroying their end of life data or hiring in temporary or work experience staff it is important to take into account the following factors

  1. Have you provided adequate training for staff
  2. Have you included their responsibilities in their employment contracts
  3. Have you received an audit trail for your material
  4. Do you have proof of destruction
  5. Do you have proof of recycling
  6. Have you destroyed the data to the appropriate shred size
  7. Have you completed a cost benefit analysis on the activity
  8. Are staff being taken away from other activities
  9. Have you singed confidentiality agreements
  10. Have you conducted background checks upon staff

The risks when destroying data outweigh the benefits of completing the process in-house. When dealing with risk it is impossible to eliminate the risk however it is possible to minimise the risk levels and with this in mind it is important to look for a professional specialist shredding firms to manage your destruction requirements and ensure compliance to save you from possible data breaches.

 

If you require any further information to better help equip yourself from experiencing a damaging data breach please do not hesitate to contact the Security in Shredding Team for friendly helpful guidance with no obligations. You may also want to visit the following sites;

  1. https://www.securityinshredding.com/contact-us.php
  2. https://www.dataprotection.ie/viewdoc.asp?DocID=4
  3. https://www.dataprotection.ie/viewdoc.asp?fn=/documents/register/display.asp?ID=14124%2FA
  4. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/guidance/Guide_Data_Contollers.htm&CatID=90&m=y
  5. https://www.dataprotection.ie/ViewDoc.asp?fn=/documents/responsibilities/3bi.htm&CatID=53&m=y
  6. https://www.isia.ie/all-security-mobile-shredding
  7. https://www.din.de/en/getting-involved/standards-committees/nam/european-committees/wdc-beuth:din21:113162714

Free Shred and Information Event in aid of Data Protection Day a true success.

Posted on by
Reply

shreddayimage

It is advantageous for the General Public and Organisations within Ireland and across the Globe to be aware that January 28th is European Data Protection Day, and it is known as “Privacy Day” outside of the EU. Continue reading