A Freedom of Information request by The Pulse reveals the breach of patient data security in four of the last five years. The result has been identifiable records being disclosed by the Government’s official information centre without authorisation or to the wrong recipient.
When it comes to selecting a company to carry out your document shredding services, you will find that there are plenty to choose from. This guide is designed to provide you with some questions you can use to identify the best company for the job – and ensure that your confidential waste is handled in the best manner.
If you are trusting your documents to another company, you need to know that all their staff will treat it with the utmost confidentiality. Make sure their staff – irrespective of whether they will be handling your job or not – are CRB checked. All Shredsec staff are CRB checked.
Off-site shredding tends to be the least expensive service for most homes and businesses and is therefore the most popular. However, on-site shredding (when a shredding company shreds your documents at your site using a shredding truck) is popular with public sector customers who want the reassurance of knowing seeing the papers destroyed in front of their eyes. Shredsec offer on-site and off-site shredding.
You should receive a Certificate of Destruction every time your paperwork is destroyed. This is an important document to enable you to prove that your material has been shredded and it should contain: date of shredding, details of the material that was shredded and a real signature (not digitised). Shredsec provides a Certificate of Destruction with every job.
There are many smaller waste management companies that provide shredding services as a separate offering. You should make sure that the company you employ is fully insured for shredding operations and holds the relevant public liability insurance cover. Shredsec holds full public liability insurance for shredding works.
Many shredding companies stipulate that your waste material has to be sorted before it collected so that plastic folders, binders, etc, are handled separately. If this is the case, you should question the capabilities of the company because any professional shredding company will be able to handle all kinds of materials without the need for pre-sorting. Shredsec’s large industrial shredders can shred whole lever-arch files and so no pre-sorting is required.
If you have more than 1 tonne of paperwork to be destroyed (approximately equal to 65 archive boxes or sacks) then you should enquire about the discounts available from the shredding company. If they do not offer a discount then you should question their operational credentials. Shredsec provides discounts to organisations that are disposing of large volumes of paper.
The number of vehicles and collection routes utilised by larger shredding companies means that they are capable of responding to your ad-hoc and regular service requirements very quickly. Shredsec can usually accommodate a collection from anywhere in London and East Anglia within 24 hours.
Any company that asks for pre-payment of their shredding services should be questioned. Shredding services are no different to most other services in requiring payment after the shredding has been carried out. Shredsec sends your invoice on the day of shredding with 30 day payment terms.
To find out more about how Shredsec can help with your confidential shredding, contact us today on 0800 567 7570 or email firstname.lastname@example.org
The requirement for confidential document destruction by companies and organisations has steadily increased over the past few years due to the increase in publicity surrounding data theft and privacy. Wherever a piece of paperwork has been produced that contains any kind of information, there is a risk that the data can be used by criminals if it has not been properly destroyed.
And with the price of waste paper falling in recent years, many waste disposal companies look to export waste office papers that they have collected on behalf of fee-paying customers to countries such as China or India for recycling. The paper is not shredded before it leaves the UK and so there is a risk that the information contained in the paperwork can be compromised at any number of places en-route or at its final destination.
The same risk applies to paperwork that is recycled in the UK, of course. If your documents have not been shredded after they have reached the end of their useful life, the information they contain can be obtained by a third party.
In principle, there are two requirements for complete document destruction. The process must:
Shredsec can enable you to achieve this in two ways:
You arrange for one of our shredding trucks to visit your premises at a pre-arranged time and date. When the mobile shredding vehicle arrives, our operative will collect your documents and load them into the shredding machine that is on the lorry. You can watch your material get shredded for complete peace of mind and we provide you with a Certificate of Destruction that details the weight of the destroyed paper.In terms of cost, this tends to be the most expensive method of shredding because of the fuel and equipment needed to carry out the work. However, it is often a preferred choice for schools, medical practices and law firms as it means none of your documents leave your premises without being destroyed.
The popular alternative to on-site shredding – and one that is preferred by most of Shredsec’s customers – is off-site shredding. Instead of a shredding truck visiting you at a pre-arranged time and date, one of our collection vans will arrive. The driver will load your boxes/bags/sacks into the van and return to our secure shredding unit where the documents will be shredded. This is always carried out on the same day as collection so there is no risk of the data contained in your paperwork getting compromised.
This option is cheaper than on-site shredding and Shredsec can often collect from you within 24 hours of your phone call depending on the size and nature of the material you wish to shred.
Both options outlined above provide a high level of destruction for your papers. Our shredding machines operate a level 3 security meaning that papers are cross-cut into pieces measuring approximately 8x40mm. Compare this with a conventional strip-cut office or home shredder which produces pieces that can easily contain bank, credit card and other important numbers.
News released from the Information Commissioner’s Office (ICO) yesterday: a penalty of £100,000 was imposed on Stockport Primary Care Trust after the discovery of a large number of patient records at a site it formerly owned.
The discovery was made by new owners when they bought the premises in 2011. The boxes of waste contained personal information including work diaries, letters, patient records, referral forms and various documents. Some of the information contained particularly sensitive data including details of miscarriages, incontinence problems, child protection issues and a police report relating to the death of a child.
The boxes had been left behind by Stockport Primary Care Trust which subsequently collected the information.
An investigation by the ICO revealed two earlier security incidents where confidential and highly sensitive personal data had been left behind in secure buildings owned by the trust.
Stockport Primary Care Trust was dissolved on 31 March 2013 with their legal responsibilities passing to the NHS Commissioning Board. The board will be required to pay the penalty amount by 3 July or serve a notice of appeal by 5pm on 2 July.
The ICO will also be speaking to NHS Stockport Clinical Commissioning Group to pass on the learning that should be taken from this incident.
David Smith, Deputy Commissioner and Director of Data Protection, said:
“It’s crucial that organisations don’t take their eye off the ball when moving premises. This NHS trust’s efforts to keep its patients’ confidential records secure were completely undermined by its failure to properly decommission the premises it was leaving.
“The highly sensitive nature of the documents left behind makes this mistake inexcusable, and there can be no doubt that the penalty we’ve served is both necessary and appropriate.
“In the last year we have served two six figure penalties on organisations that have left large volumes of personal information behind when leaving a site. These penalties highlight the need for organisations to have effective decommissioning procedures in place and to make absolutely sure that these procedures are followed in practice.”
More about this story here.
An NHS Foundation Trust faces a fine of up to £500,000 after notes containing confidential information about 25 patients were found in the street.
Details included patient names, ages, medical history, specialist information, mobility, dietary requirement, hygiene, home circumstances and discharge plan. The documents showed the name of the person who printed them out — at 6.33pm the day before — and said “please destroy paper copy at the end of every shift”.
Bosses at Bolton NHS Foundation Trust have launched an investigation and said they have apologised to all patients and carers.
The data breach has been passed to the Information Commissioner which has said it will “determine an appropriate response”. The commissioner has the power to issue monetary penalty notices of up to £500,000 for serious breaches of the Data Protection Act.
A spokesperson for the ICO said: “We have been made aware of a possible data breach.
“We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”
This video shows one of our industrial shredding machines destroying paper at Security Level 3 (in accordance with the European standard for paper shredding security). The final waste paper is shredded to sizes measuring approximately 4mm x 40mm.
The paper is cross-cut which provides an extra layer of security when compared with conventional strip-cut shredders. A cross-cut shredder not only shreds the paper into widths but it also cuts it into smaller lengths thereby making it almost impossible to retrieve any data.
The purpose of filming the shredding in this way is to demonstrate the power and finality of the paper destruction process. It is possible to observe the operation of the two cross-cut shredding drums and obtain an understanding of how they decimate material that is fed through them.
The Ministry of Justice has unveiled plans to give the Information Commissioner’s Office (ICO) powers to carry out compulsory data protection audits on public health bodies in the UK.
The ICO currently has the power to conduct compulsory data protection audits on central Government departments in accordance with the Data Protection Act. However, consent must be obtained from other organisations before investigations can be commence.
The Ministry of Justice has now said it has been convinced of the need to bring health bodies within the scope of the ICO’s compulsory audit powers and has launched a consultation document amounting to 32 pages. Health bodies are being encouraged to give their view with submissions accepted by 17th May 2013.
The Ministry of Justice said that, where the ICO had conducted consensual audits, it had identified data security problems, including “lockable storage not being used, patient records left in reception trays openly accessible and insecure confidential waste bins” as well as unencrypted sensitive data being held on mobile devices.
The highest fine the ICO has ever levied on any organisation for a breach of the Data Protection Act was served on Brighton and Sussex University Hospitals NHS Foundation Trust last year. The Trust was fined £325,000 after “highly sensitive personal data” was stolen from a hospital under its control and sold on eBay.
The watchdog had set out its intention to focus on improving health sector compliance in its information rights strategy published at the beginning of 2012.
Shredsec Ltd has enjoyed a string of new business wins across East Anglia and London including:
“Our competitive pricing and high levels of customer satisfaction have set us apart from the competition,” said Philip James, Director at Shredsec. “Organisations are becoming increasingly aware of the need to shred their paperwork and Shredsec offers a simple and flexible solution at the right price.”
Scottish Borders Council was fined £250,000 after employee pension records were found dumped in a supermarket car park. The incident occurred in September 2011 when 676 files relating to SBC’s Local Government Pension Scheme were recovered from the recycling bank.
A year later, the Information Commissioner’s Office (ICO) fined the Council which paid immediately in order to receive a 20% discount but appealed against the scale of the Information ICO’s penalty.
Find out more about this article.
Our Address: The Old Forge
Hawkedon, Bury St Edmunds, Suffolk
Registered Company Number: 8264350
Telephone: 01284 789500
Call: 01284 789500