All UK businesses are in possession of sensitive information in some form or another, whether that be personal information of customers or staff, customer financial information or anything else considered to be sensitive. Many people believe that they simply have a moral duty to fulfil, yet what they don’t understand is that the UK has a number of strict laws about how sensitive documents should be stored and destroyed, including a variety of types of data in paper or digital form.
Failure to comply with the laws and regulations surrounding document destruction will not only open up the possibility that the sensitive information could get into the wrong hands, but it would also see the business face severe legal implications.
Storing documents before destruction
The storage of data before they are destroyed is a big focus of the current UK laws, looking at how they are handled and their overall security. The documents are required to be stored in a secure location with specialist security measures, ensuring that a minimal amount of people handle the data before its destruction, as well as the ability to access the data with authorisation only. These regulations are designed to minimise the possibility of a confidentiality breach, protecting the data at all times before they are destroyed.
Understanding the law
The first thing to be clear about is the fact that not knowing or understanding the law regarding document destruction does not mean it doesn’t t apply to you, and that you and all relevant members of staff are fully aware.
The Data Protection Act is currently in place to ensure that the data that a business possesses is not used for anything other than it should be, without the consent of the individual.
The Act also specifies that a business should have the correct provisions in place to provide correct security to the documents, and that the business has dedicated personnel responsible for data security, has relevant policies in place and that all of its staff are aware of them, and also that the business can effectively respond to any security breaches.
Under the Freedom of Information Act (FoI), indiviuals can request information which are in the possession of public authorities.
Those covered within this Act include:
- Houses of Parliament
- Government departments
- NHS hospitals, doctors’ surgeries
- Universities, schools and others
These organisations must keep a record of all information requests. The FoI Act sets clear guidelines for storing and destroying information, such as ensuring the implementation of correct policies for document destruction, correctly storing them before their destruction, document retention periods and also any requests for information.
Document Destruction Certification
Once your business documents have been disposed of, the law states that you must keep a copy of the destruction certificate that you received from your professional document destruction company.
Not only does keeping your destruction certificates demonstrate that you are fully compliant with all laws and regulations, but it is also a good thing to make your customers aware of whenever relevant.
It is important that you choose a good quality, experienced and professional company to handle your document destruction needs as this will ensure that you are fully compliant and that you won’t face any legal implications.
Author: Joe Muddiman
DISCLAIMER: This article should not be regarded as constituting legal advice in relation to particular circumstances. This article is merely a general comment on the relevant topic.