By Andrew Blocksage, Sales Director at The ITAD Works
When it comes to the protection of personal records and data, your business can’t be too careful. An interesting and important test case is currently going through the UK Court of Appeal (Google Vs Vidal-Hall) which could have far reaching consequences for all organisations that use personal data. If upheld in the UK, the ruling will mean damages can be granted even where there is no financial loss to the individual making the claim.
Interestingly the UK Court of Appeal has also confirmed a tort of the misuse of private information as part of the case. To add further confusion to the matter, this judgement is in contrast to an established position in Irish law (Collins Vs FBD Insurance), which restricts damage to actual loss only. With two EU-based courts finding different verdicts in very similar cases this presents a potential minefield for organisations operating across the EU – let alone operating internationally outside it.
Different rules across international borders
The UK court’s refusal to accept the Irish judgment highlights just how open to local interpretation personal privacy laws are (even within the EU legal framework). The fallout for businesses like yours that operate in financial circles and that hold personal information on clients is obvious – serious consideration and caution is required not only for the use of data, but the security of it being stored as well.
Substantial potential penalties
Any loss or theft of data would equally be accountable under the judgement. Fines of up to 4% of your business’ turnover by the FSA for data loss or misuse mean that the financial penalties are substantial. This doesn’t even take into consideration the disastrous effects upon your reputation, in a sector where trust is a most important factor. Having an effective data policy in place and ensuring it is fully adhered to is paramount. Along with ensuring your team is compliant it’s also vital to look closely at your IT systems and procedures to ensure all eventualities are covered.
The IT challenge
To make matters even more complicated, FSA regulations also require that banks and financial organisations keep full records (including correspondence) for seven years. From a compliance point of view this is a real challenge, particularly in larger organisations where the number of computers, smartphones, tablets and servers containing sensitive data can be substantial.
This means keeping track of each of your items that contain data (or have online access to it) and ensuring that they are properly wiped and disposed of at end of life. A robust and well organised IT lifecycle policy is no longer a bonus, it is a necessity.
Potential sources of data leakage
When it comes to the proliferation of information across an IT network, modern smart devices have been a real game-changer. As well as theft or loss, the other major danger of data leakage from these devices and more traditional IT systems is when they become redundant. From desktops and laptops to end-point devices such as smartphones, tablets and other IT devices – all have trusted links to your core data systems.
Add into the mix storage media such as USB drives, which at end of life are no longer any individual’s responsibility. This is when a robust and thorough process for IT disposition is vital.
Protecting your client data and your IT investments
It’s vital that your IT resources are fully managed throughout the lifecycle to protect against potential data leakage, but equally this is important in retaining the best value from investments and to avoid and limit unnecessary expense. It’s very important to consider your business’ overall IT lifecycle policy, especially its ability to deal with end of life disposal of assets.
Managing your IT lifecycle
Failing to have an IT lifecycle policy in place could put your company at risk of falling foul of data protection regulations by leaving the data entrusted to you vulnerable to loss or theft. Ironically, you could at the same time also be wasting resources if your IT expenditure is not servicing your IT needs properly. Keeping a close eye on all your assets and the data stored on them is an essential consideration and an IT lifecycle policy will cover this.
A well designed and managed IT lifecycle policy makes it fully possible to avoid data loss on redundant assets and at the same time to reduce your total cost of ownership. This can include data erasure, and where necessary, safely destroying the data device for complete assurance.
Ensuring secure and safe disposal of IT assets
In many cases unwanted IT equipment can offer some return on your investment. For example, a used computer hard disk drive (HDD) can pose an obvious threat to data loss, but the rest of the machine may be fully serviceable and safe to re-use with a new HDD – or even with the original one professionally erased using Government CESG approved software.
However, when an item has no intrinsic value left, recycling is the only option. As well as ensuring data is safely disposed of, some legacy items harbour dangerous substances and chemicals. To avoid any further ethical or legal issues, it is wise to ensure your business adheres to current WEEE regulations and compliance – the perfect way to do this is to employ an expert disposal team who will remove any hazardous legacy items for safe disposal, ensuring environmental compliance.
Professional assistance offers peace of mind and better value for money
Lead by IT asset disposal expert Robin Gue, The ITAD Works was formed in 2013, having formally operated as Redemtech UK. Our mission is to ensure your business has a robust solution which will limit your risk of data leakage and the potential consequences from it. Additionally, we will ensure achieve full asset optimisation to get the full value from your equipment, as well as ensuring the safe and ethical disposal of these assets.
With strict quality controlled processes, we will ensure your data is fully contained and hardware is safely and efficiently disposed of – with compliance in terms of data protection and environmental legislation firmly at the forefront of this.
Legislation always needs to be observed and planned for. However, The ITAD Works will ensure your IT doesn’t go from an asset to a potential data security threat, whatever the local legislation dictates.