In today’s world, our personal information is stored on thousands of computers belonging to companies with whom we do business.
Such details are potentially lucrative in the hands of criminals, so the public expects them to be treated with care and respect.
But if the information is disposed of carelessly and customer trust abused, the company in question stands to lose considerably in terms of damage to its brand and loss of reputation. A good name can be a company’s most important asset – and take years to build.
Lose your good reputation and potentially you could lose your company. And that in turn impacts upon the people who work for you and your customer base.
To avoid this, public and private sector organisations must treat the protection of customer data with the utmost seriousness. And when that information becomes obsolete, those organisations are obliged to dispose of that same information with equal fastidiousness.
How we permanently dispose of redundant I.T. equipment is now governed by the EU’s WEEE Directive, but disposal of the data on the hard drives is not.
Up until now, we had to rely on companies performing their ‘duty of care’ under the Data Protection Act and handling such disposal responsibly – but there was little incentive to do so, outside of an organisation’s own sense of obligation.
However, from April, the Information Commissioner’s Office (ICO) will have new powers to fine organisations up to £500,000 for “deliberate or negligent” breaches of personal data.
Responsible organisations must put proper data disposal policies and procedures in place now – not just to avoid the wrath of the ICO but also to protect their businesses and livelihoods.