UK Businesses Putting Customers at Risk Through the Inadequate Disposal of Electronic Devices Containing Confidential Information

Businesses in the UK are putting the confidential information of their customers and employees at risk by not disposing of electronically-stored data securely, the UK’s largest information destruction company has warned today.

Research from Shred-it reveals that two fifths (40%) of SME business owners have never disposed of electronic devices containing confidential information, such as hard drives, while a third (35%) do it less than once a year.  In comparison, over half (56%) of larger organisations dispose of these devices every 2 to 3 months, according to Shred-it’s fifth annual Security Trackersurvey^[1]. Worryingly however 14% of larger businesses never securely destroy this type of digital storage or do it less than once a year. As larger companies often hold vast quantities of customer data, this is a real concern for all of us as consumers.

Storing redundant electronic devices in the office could lead to inadvertent breaches and offers a goldmine of sensitive information for data thieves. The loss or theft of hard drives containing confidential information, such as employee details and client information, puts businesses at significant financial, legal and reputational risk. Currently, the largest data breach fine issued by the body responsible for enforcing the Data Protection Act (the ICO) is £325,000, following the discovery of highly-sensitive data on hard drives sold on an online auction site^[2].

Shred-it is calling on UK businesses and organisations to recognise the risks that inadequately destroyed, electronically-stored information pose.

“In the increasingly digital workplace, businesses place emphasis on cyber security, and rightly so; however they often neglect physical digital storage, not realising the wealth of confidential information contained on these devices. You wouldn‘t leave a stack of documents containing confidential information sitting in the corner of your office or in a store cupboard gathering dust, so why leave a hard drive where a data thief could easily access it?“ warns Robert Guice, Senior Vice President Shred-it EMEAA.

He adds, “UK businesses continue to hugely underestimate the risks that unused or old electronic equipment left lying around the office poses to their business, as well as the serious impact that could occur if this information was to fall into the wrong hands.”

Simply deleting the information on hard drives does not mean that the information has been removed; this can only be ensured by physically destroying the hard drive.

Tony Neate, CEO of Get Safe Online^[3], the leading source of information and online security advice, supported by the UK Government, adds, “Just as it is easy for criminals to extract data from your company’s electronic devices, even after the information has been deleted, it’s also easy to put the right procedures in place to keep your sensitive company data secure. Make sure you fully erase hard disks by either using a dedicated file deletion program or service, and physically destroy the hard drive so it is unusable. Taking your devices to a proper disposal facility and asking for a certificate is a good way of making sure this has been done properly and that no information will end up where you don’t want it to.”

Three Simple Workplace Guidelines Designed to Safeguard Hard Drives:  

1. Perform regular clear outs of storage facilities and avoid stockpiling unused hard drives
2. Physically destroy all unused hard drives at the end of their useful lives. Using a third-party provider who has a secure chain of custody and provides written confirmation of destruction, can help give you peace of mind and ensure your data is being kept out of the hands of fraudsters
3. Regularly review your organisation’s information security policy to incorporate new and emerging forms of electronic media

What types of electronic media can be destroyed?

• Hard Drives (from laptops, desktops, servers, copiers and more)
• Backup Magnetic Tapes (any type e.g. DLT, mini cartridges)
• Floppy Disk (3.5 inch disk, 5.25 inch disks, and many more)
• Zip Disk (100 MB, 250 MB, and other large disks)
• Optical Media (CDs, DVDs, Blue Ray, and HD DVD)