Secure data disposal is essential for protecting your organisation and individuals from identity theft, fraud, and data breaches. Whether stored on paper or electronic devices, all personal and confidential data must be destroyed properly when no longer needed.
This guide covers the legal requirements, best practices, and practical steps for disposing of data securely.
Why Data Disposal Matters
The Identity Theft Epidemic
Identity fraud is one of the fastest-growing crimes in the UK:
- £1.8 billion lost to identity fraud annually
- Nearly 2 million people affected each year
- Average victim loss of £1,000+ per incident
- Emotional impact – stress, damaged credit, months resolving issues
Criminals obtain personal details from carelessly discarded documents and devices. A single bank statement or utility bill provides enough information to open fraudulent accounts in your name.
Legal Requirements
Organisations handling personal data have legal obligations for secure disposal:
UK GDPR and Data Protection Act 2018 Personal data must not be kept longer than necessary and must be disposed of securely. The ICO can fine organisations up to £17.5 million or 4% of global turnover for serious breaches.
Environmental Protection Act Waste containing data must be transported by licensed carriers and disposed of through licensed facilities.
Industry Regulations Sector-specific requirements (FCA, SRA, CQC, etc.) often mandate secure destruction with documented proof.
Types of Data Requiring Secure Disposal
Paper Documents
Any document containing personal or confidential information needs secure shredding:
Personal identifiers:
- Names and addresses
- Dates of birth
- National Insurance numbers
- Passport/driving licence details
Financial information:
- Bank statements
- Credit card statements
- Payslips and P60s
- Tax returns
- Invoices and receipts
Business confidential:
- Customer/client records
- Employee personnel files
- Business plans and strategies
- Financial accounts
- Contracts and agreements
Professional records:
- Medical/patient records
- Legal case files
- Student records
- Insurance documents
Electronic Media
Data stored on electronic devices requires specialist destruction:
Computer equipment:
- Desktop computers
- Laptops and notebooks
- Tablets
- Servers
Storage media:
- Hard drives (HDD and SSD)
- USB drives and memory sticks
- CDs, DVDs, Blu-ray discs
- Backup tapes
- Memory cards
Other devices:
- Mobile phones and smartphones
- Printers (contain internal memory)
- Photocopiers (contain hard drives)
- CCTV systems and recordings
- Smart cards and ID badges
Simply deleting files or formatting drives does not destroy data – specialist software can recover “deleted” information. Physical destruction or certified data wiping is required.
How Criminals Obtain Personal Details
Understanding how fraudsters access information helps you protect yourself:
Bin raiding Searching household and business waste for documents containing personal details. Even torn-up documents can be reassembled.
Mail theft Intercepting post, particularly financial statements and pre-approved credit offers.
Dumpster diving Searching commercial waste containers, skips, and recycling bins.
Social engineering Using small pieces of information from discarded documents to build complete identity profiles.
Data recovery Using specialist software to extract data from discarded computers, phones, and storage devices.
How Criminals Use Stolen Data
Once criminals have your personal details, they can:
- Open credit accounts – Credit cards, store cards, loans
- Access bank accounts – Withdrawals, transfers, payments
- Apply for benefits – Fraudulent benefit claims in your name
- Obtain documents – Passports, driving licences, birth certificates
- Take out contracts – Mobile phones, utilities, rentals
- Commit further crimes – Using your identity as cover
- Sell your details – To other criminals on the dark web
Victims often don’t discover the fraud until months later when debts appear on credit reports or debt collectors make contact.
Secure Data Disposal Methods
Paper Documents
Professional shredding (recommended) Shredding companies like Shredsec use industrial cross-cut shredders producing confetti-sized particles (4mm x 30mm or smaller). This is the most secure and convenient option.
Shredsec provides:
- On-site shredding – Watch destruction at your premises
- Off-site shredding – Collection and destruction at our facility
- Regular collections – Scheduled service with secure bins
- Certificate of Destruction for compliance records
Office shredders (limited) Suitable only for small volumes of non-sensitive material. Most office shredders are strip-cut (insecure) or low-volume cross-cut. Staff time and maintenance costs often exceed professional service costs.
Burning (not recommended) Difficult to ensure complete destruction, creates environmental pollution, and may breach local regulations.
Electronic Media
Professional destruction Certified data destruction companies physically shred hard drives and devices, providing destruction certificates for compliance.
Data wiping Certified software overwrites all data multiple times, meeting standards like DoD 5220.22-M or NIST 800-88. Suitable for devices being reused or resold.
Degaussing Powerful magnetic fields erase data from magnetic media (HDD, tapes). Does not work on SSDs or flash storage.
Data Disposal Best Practices
For Organisations
- Create a data retention policy – Define how long different document types are kept
- Implement clear-desk policies – Reduce loose confidential documents
- Provide secure collection points – Locked bins for confidential waste
- Schedule regular destruction – Don’t let material accumulate
- Obtain destruction certificates – Document compliance for audits
- Train staff – Ensure everyone understands data protection responsibilities
- Review annually – Update policies as requirements change
For Individuals
- Shred all documents with personal details – Bank statements, utility bills, payslips
- Don’t leave mail in communal areas – Collect promptly, redirect if moving
- Check credit reports regularly – Spot fraudulent applications early
- Destroy old cards and documents – Cut up expired cards, shred old passports (after cutting corner)
- Wipe devices before disposal – Factory reset phones, wipe computers
- Use professional shredding for large volumes – Our home shredding service is cost-effective
Document Retention Periods
Keep documents only as long as legally required, then destroy securely:
| Document Type | Retention Period |
|---|---|
| Tax records | 6 years |
| Bank statements | 6 years |
| Employment records | 6 years after leaving |
| Medical records | 8 years (varies) |
| Contracts | 6 years after completion |
| Insurance policies | 6 years after expiry |
| Pension records | Until retirement + 6 years |
| Company accounts | 6 years |
Retention periods vary by sector and document type – check specific requirements for your industry.
Compliance with Data Protection Law
The Data Protection Act and UK GDPR require organisations to:
- Not keep data longer than necessary – Regular review and disposal
- Dispose of data securely – Prevent unauthorised access
- Document destruction – Maintain records for accountability
- Use appropriate processors – If outsourcing, ensure providers meet standards
Shredsec’s secure shredding services help you meet these requirements. Our Certificate of Destruction provides documented proof of compliant disposal.
Get Started with Secure Data Disposal
Ready to implement proper data disposal for your organisation or home?
Call: 0800 654 6507 Email: service@shredsec.com
We’ll discuss your requirements and recommend the right solution – from regular collections with secure bins to one-off clearouts of accumulated documents.
See our shredding services for full details of available options.
Contact Shredsec to discuss your shredding requirements.