Welcome to the world of Electronic Recycling in Dublin, Ireland. Our News will mostly include articles and information on the world of recycling with a specific attention to recycling of Electronic Waste and Data Security.

Searching the blog under "Data Security, Exporting or Donating" will bring up a list of related articles

Monday, March 16, 2009

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Data security breaches pose a serious threat to business, according to a report from consultants PricewaterhouseCoopers (PwC).

The recent Survey revealed that more than two-thirds of organisations do not maintain an inventory of user data or a list of locations and jurisdictions where this information is stored.

The survey found that only half of all companies have a policy that addresses the protection, disclosure and destruction of data and, although many organisations operate a security encryption policy while transmitting data, very few use encryption for data which is “at rest” i.e. information in databases, file sharing and storage, laptops and back up facilities

According to PwC, companies cannot afford to take data security lightly. Identity theft is rampant, accounting for about one-third of consumer complaints received by the Federal Trade Commission last year- whether you’re a security leader or a business line executive—now is the time for you to start better protecting your company’s customer data, core intellectual property, trade secrets, and regulated data.

Speaking at the launch of the report, Ciaran Kelly of PwC Ireland said: "With consumers and regulators demanding more control over sensitive data than ever, it is clear that now is the time to start better protecting your company's customer data."

In Ireland It is the legal responsibility of ICT data controllers to comply with Data Protection legislation. EU Data Protection Directive 95/46/EC specifies the general obligations of data controllers as to how personal data is handled. The Directive is transposed into Irish law as the Data Protection Act 2003; this in turn adds to the provisions of the Data Protection Act 1988.

While managing and protecting current data is important, companies also need to be extremely careful when disposing of IT equipment that contains sensitive data. There are many reports of computers, with their hard drives intact, being found in open markets in the third world and there is also a market for used data tapes. Deleting files or even reformatting a hard drive does not remove the information, as this can be restored using readily available software

The problems associated with data security for end of life equipment can be eliminated by using reputable IT recycling companies, who can provide certified data destruction services as part of their asset management or equipment recycling processes.

Apart from a company’s responsibilities under the Data Protection Act, there is also a continuing responsibility under the Waste Management Act 1996 (amended 2001) for IT equipment, until it has been proven that it has been disposed of properly. If the cannibalised remains of a company’s equipment are disposed of illegally, it is the company that is responsible, not the person who took it away for disposal.

When replacing or disposing of end of life IT equipment, companies need to ask their new equipment vendor, waste service provider or facilities manager, what exactly happens to their equipment once it leaves their control.
Posted by at

2 comments:

Anonymous said...

Encrypting an entire disk wil not serve the purpose, hackers can even get encryption key to get the complete data within the disk. It is just like a lock and key mechanism, if you loose the lock, hackers know how to open it.
I dont find any advantages in locking the USB ports within the organization, point is the need of secure managing of USB's. I heard a company Trinity Futurein ( www.trifuturein.com) which can restrict employees from taking out data from an organization by the means of USB and other removable drives and also from laptop.
More and more technological solutions are emerging out to prevent loss just like Trinity which is concerned about digital loss

March 17, 2009 at 4:52 PM
Anonymous said...

Good article! With end-of-life processing, it is important to find out what your vendor will do with your equipment. Regardless of whether they will resell the equipment, what steps are they taking to wipe your data, and can they prove they performed those steps? If they plan on recycling the equipment, will any of the equipment end up in a landfill or shipped overseas? The last thing you want is to find out that your computers were shipped to some dumping grounds in the Far East.

March 21, 2009 at 10:37 PM

Post a Comment

Subscribe to: Post Comments (Atom)