shredding service, confidential shredding

Schools and Document Shredding

Sensitive information held by schools includes but is not limited to health, religion, age, nationality, criminal offences and trade union ships. The nature of this information and the environment in which it is produced, means secure disposal of this information should be considered a priority by Schools.

As a School you have a duty of care to protect children, staff, parents and suppliers information, if you intend to comply with the Data Protection Act, which is a legal obligation and not actually a choice.

At most Schools, information protection and security is taken seriously. It is common practice to keep files locked in cupboards and access to physical documents restricted and as secure as possible. This helps safeguard personal information.

The weak link in the protection chain is often at the disposal stage in the lifecycle of these documents. School staff who take so much care to protect the data they process whilst it is onsite, often dispose of the material via a paper recycling service, rather than a secure shredding service, designed specifically for schools.

Just like ensuring the material is locked away on site, a secure shredding service with highly trained DBS checked staff helps keep the security of the sensitive information to the highest standard.

Your pupils, parents and employees all have the right to have their information protected. The responsibility schools have in relation to the ensuring personal data is treated appropriately, applies until the data is destroyed.

Disposing of documents in a recycling bin does not ensure destruction, therefore the responsibility for the data remains with the data controller from the School, who puts the information in the bin even when it has left site. If a breach occurs at this point, the school will be fined and the data controller held responsible, not the waste service provider.

Data Protection Responsibility

When confidential information needs to be disposed of, the most secure method is the complete destruction of the information. Once documents have been shredded, they can be recycled with no risk to the School.

Use your head, Let us Shred!

 

If you’re interested in knowing a little more about data protection for schools, the Information Comissioners Office released a document giving guidance to schools back in 2012, which is really helpful. You can find it here.

When having a service is not enough….

Today we want to show you when having a document destruction “service” is not enough.

Having “a service” is something you have done to your car and it may be a cliché but we believe that working in partnership is the only way to work. It is also the only way to ensure complete security to the businesses we protect.

The pitfalls of adopting a standard “service” provider are clearly shown in the image below.

How not to store your waste

 

This image is of one of our competitors’ secure consoles and was taken at a site we were visiting two days ago. Confidential waste is clearly accessible and when you consider that this secure unit is in a communal area of a serviced office, complex risks are multiplied. Various different (and competing) businesses use this console for secure waste and this data is in effect now being shared.

We know this issue has not been addressed by the current service provider. We were told this issue was a regular occurrence a couple of days before every service, when we asked an office user.

The reality is that in this case, the company servicing the site, are doing exactly what they said they would by providing a shredding service to the client.

However, at The Shred Centre we like to think that we provide more than just a service. We  actively secure business’ information through appropriate services that fit the needs of site users.

To do this, we offer the the following;

  1. Site audits are carried out prior to install of any units.
  2. Offer a trial period as standard to ensure recommendations made at site audits are correct in practice. Our trial periods are 8 weeks with no obligation to continue once ended.
  3. Destruction operatives that attend site are trained to spot any security weaknesses and report back to the account manager that same day, should any exist.
  4. In addition, we train our operatives to engage with clients where security weaknesses exist, explaining the risks.
  5. The account manager will book a visit to review security that same day if any risks are notified.
  6. We would recommend changes such as service schedule changes or changes to the number of installed consoles.
  7. Quarterly reviews are held with all clients to ensure that the needs have not changed on site.

In addition to making adaptations should over filling of consoles occur, we also make recommendations based on consoles being under filled. Reducing the number of bins or frequency to ensure a best fit service is in place.

At one of our customers’ sites recently we halved their collection frequency, changing their collections from every four weeks to every 8 weeks. This was down to our operative noting a change in their volumes, with the console being filled only half full on the last two collections.

We believe in, and actually adopt a partnership approach for two main reasons.

Partnership Concept.

Firstly it is the only way to ensure complete security, requirements and site operations will change over time and being in regular contact allows us to work with the businesses we service to keep them secure, planning for these changes rather than react.

Information protection. Usb flash memory and key

Secondly a healthy partnership is generally a longer term partnership. These types of partnerships protect our own business and keep us moving forward. We value each and all of the businesses we secure and keeping them secure is what keeps our company alive.

How To Classify Personal Data?

At The Shred Centre we often get asked, how do you actually classify what is personal data. So we thought we would blog about it.

In simple terms the data protection act says that personal data is data by which relates to a living individual who can be identified from the data or from data and other information which is in the possession of, or is likely to come into the possession of, the data controller. In addition it includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Yes that is the simple version.

The truth is and what the above is trying to express is that classifying personal data depends on a much more than the nature of the data you are looking at. Considering information about the environment in which the data is being processed or managed and how any associated data can be used is just as important.

The ICO’s website gives a good example that illustrates how other information contributes personal data;

Example
“An organisation holds data on microfiche. The microfiche records do not identify individuals by name, but bear unique reference numbers which can be matched to a card index system to identify the individuals concerned. The information held on the microfiche records is personal data.”

The definition also specifically states that opinions noted are also to be considered personal data, as are any intentions. Again they ICO website provides an example for clarity.

Example
“A manager’s assessment or opinion of an employee’s performance during their initial probationary period will, if held as data, be personal data about that individual. Similarly, if a manager notes that an employee must do remedial training, that note will, if held as data, be personal data.”

Its a complex world out there!

Fortunately the ICO has issued a document giving guidance on how to classify what is personal data, to fully comply with your obligations under the data protection act you can follow the steps in the 8 step guide that can be found here every time you consider disposing of information.

Or alternatively give us a call to discuss our Shred All Paper services, we remove any risk of mis-categorisation of data and allow your staff to focus on their core duties, your staff should be focused on the growth of your business let us focus on the information security.

Use your head, Let us Shred.

 

 

 

shredding service, confidential shredding

The Shred Centre Online

So we have had our first video “The Shred Centre Online”  produced, simply to let you know where you can follow us online. If your interested in data security and want to stay up to date, keep in touch with us and lets get social. [youtube id=”H2UqB_7BM68″ width=”600″ height=”350″]