The Importance of Data Destruction; Another Costly Data Breach
Improper data destruction is serious business. The National Health Service (NHS) in Surrey was fined the equivalent of $307,000 (£200,000) after personal data on more than 3,000 patients was found on its recycled PCs. NHS had employed a data destruction company to securely wipe and destroy its hard drives and recycle the remaining pieces of its computers. NHS was alerted to the problem when a member of the public, who had purchased one of its old computers online, contacted it after finding that the machine contained sensitive patient details. An excerpt from the full article:
Stephen Eckersley, ICO Head of Enforcement, said: “The facts of this breach are truly shocking. NHS Surrey chose to leave an approved provider and handed over thousands of patients’ details to a company without checking that the information had been securely deleted.
“The result was that patients’ information was effectively being sold online. This breach is one of the most serious the ICO has witnessed and the penalty reflects the disturbing circumstances of the case.”
“We should not have to tell organisations to think twice before outsourcing vital services to companies who offer to work for free.”
This recent breach is one more reminder of how important it is to choose a data destruction vendor that is both R2 and NAID certified. In simple terms, holding both certifications ensures that data, and its destruction, will be handled using only the highest level of security, that unusable electronics pieces won’t end up in a landfill, and that there is a secure chain of custody throughout the process. It means that companies that employ properly certified vendors won’t experience the same costly, and embarrassing, data breach that NHS recently did.