The branch that you searched for does not have a page in your preferred language. Would you like to visit the branch page on the #CODE# site?
Protect your business from an information breach with a regularly scheduled paper shredding service.
Boxes and filing cabinets stuffed with old documents? Get our one-off document destruction service.
Storing or just erasing obsolete hard drives could cost you millions in a data breach. Let us securely destroy your electronic data.
Confidential information can be found on more than paper: we destroy CD-ROMs, USB drives, and data tapes.
From uniforms to identity cards, speciality shredding destroys information wherever it’s found.
Help your business prepare for The General Data Protection Regulation (GDPR) with our GDPR Awareness workshop.
Get a Quote
February 24, 2015
Back To Blog
You know what it’s like… You start a new job and they ask you for a copy of your passport. You go to a hotel and they ask whether they can take a copy of your credit card. Everyone seems to need some of our personal information these days for everything, either to protect their business by double-checking our identities or because they are legally required to do so. But with identity fraud being a real threat, how do we know that these companies will protect our personal information?
It’s not unreasonable to ask a company how they will guard your personal data. And making information security part of the conversation means that businesses are more likely to take this issue seriously.
First of all, it’s worth knowing that in the UK, your personal data is protected by the Data Protection Act (DPA), which all organisations processing personal information must adhere to. The DPA comprises eight principles which outline the rules that companies which use - or 'process' - your personal data must follow. All companies must make sure the information is:
Companies that fail to follow the DPA can receive fines of up to £500,000 from the ICO and may also face legal action. It is therefore within all companies’ interest to do their utmost to guard your confidential data.
If you want to understand what an organisation is going to do with your information then the first thing to do is to ask to see a copy of their Information Security or Data Protection policy. This should list the security measures that the business has in place. For example, if they wish to print a copy of your documents then you may want to make sure that the company’s physical security measures include storing the copies in a secure place, such as a locked filing cabinet. Don't forget to check the company's policy for details of how documents are securely destroyed when they are no longer needed.
If you are worried about how long a company will keep your personal data, the DPA states that organisations should only keep it for as long as is necessary for the purpose it was collected for in the first place. Asking the business to show you their data retention policy for the information they hold should give you peace of mind.
Obviously, the best case scenario is that your personal data is taken care of in a responsible manner and remains protected. However, you do have protection in the eyes of the law if you think information has been used unfairly. As a first step, you should approach the business and ask them to explain how they have used your data and to demonstrate that they have complied with the principles of the DPA. Organisations are obliged to explain how your information has been processed, if you make a formal request.
The ICO is a great place to start if you want to find out more about companies' obligations when it comes to your personal data. Have any more questions about information security? Shred-it has a range of resources for you to investigate or join the conversation on information security with us on Twitter @Shredit_UK
Fill out the form or call 0800 197 1164 to start protecting your business today!