Personal data theft is a continual and growing problem not just for the individuals involved but also for businesses and organisations charged with data protection. Although there are various personal and business security measures available, data theft and data leakage still occurs.
Data thieves can use personal data to clear out bank accounts, run credit cards to their limit, or commit other crimes under the guise of false identities.
So what are some of the cases that illustrate the severity of data theft and what is a sure-fire solution to ensure that sensitive personal data is beyond the reach of criminals?
Data Protection Blunders
Here are some examples of the kind of sensitive information that has been lost or stolen, but whose safety could have been better protected or destroyed.
In 2006, waste paper to be used in a stage production by the Scottish National Theatre was found to contain data about vulnerable children and their families, and Scottish Water documents detailing customers’ bank details. A Glasgow recycling company supplied the Theatre with bags of documents to be used as props but didn’t check their contents.
Between 2008 and 2009, thousands of patients’ medical records were lost or stolen from NHS hospitals and surgeries across Scotland. Much of the data was stored on PCs or memory sticks and comprised documents, letters and videos of patient examinations.
In 2008, patient X-rays and paperwork were found lying around the abandoned Law Hospital in Lanarkshire. The fact that the hospital closed in 2001 and that confidential data was left at the site is a breach of the Data Protection Act, and hospital managers should have ensured that anything containing patient details were either disposed of or made safe.
An investigation by the Sunday Mail in 2006 revealed that intact bank documents were left dumped in bins outside branches. The documents contained data such as names, addresses, dates of birth, account numbers, sort codes, and secret passwords. Old bank cards were also found and although they were cut in half, all the personal details were visible.
Methods of Data Protection
It is a legal requirement for businesses and organisations to ensure the security of personal information. Millions are spent every year on security systems to comply with this law, and while physical theft of documents and computers means that sensitive data is no longer safe, much can be done to prevent data from falling into the wrong hands.
The rule of thumb should be know what it is you are throwing in the bin and if you are in the least concerned that it contains sensitive data have it disposed of properly. Too many individuals continue to put intact documents into their bins.
Bin, skip or dumpster diving is the practice of raking through bins for food, miscellaneous domestic or workplace items or, for criminals, anything that contains personal information they can use to their advantage.
Whether it’s on a computer drive or in document form, the only way to fully ensure that data is kept safe is by destroying it. Businesses often renew their computer networks by replacing desktop PCs and laptops. Often, these old machines are resold with reformatted hard drives.
Even if a hard drive is wiped clean, data retrieval software exists that can access some residual information. Professional shredding companies can render hard drives, memory sticks and other storage media unusable by either crushing or shredding them.
Simple home or office shredding machines will destroy paper documents but many are the “strip cut” type. These shred paper into long thin strips which, contrary to popular belief, can be pieced together to reform the original document. Industrial “cross cut” and “micro-cut” shredders are much more effective as they cut up documents into confetti or minuscule particles.
Hiring a shredding company is a good way of ensuring that sensitive data is secure. In-house security for businesses is extremely important and charging employees with shredding documents gives them access to personal and business data. A mobile shredding company eliminates this risk and will also provide a guarantee of document or storage media destruction.