Search Onsite Data Destruction

White Paper - Destroy Your Data...


ODD on Twitter

Legal Obligations

What's your Exit Strategy?

The following extract is taken from a paper delivered by Mr Ian Williams – Lead Policy Officer – Information Commissioner's Office titled "The ICO perspective on asset disposal" original source 

Data Protection Act 1998 – Schedule 1, Part 1, Principle 7

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

What does principle 7 mean in practice?

Organisational measures data-protection-185

  • Vetting staff
  • Ensuring staff confidentiality
  • Having clearly written policies and procedures in place
  • Appropriate training

Technical measures

  • Safe place to store personal data
  • Appropriate security software depending on the nature of the data
  • Appropriate exit strategy for personal data i.e. measures to destroy, delete or erase data

Managing the lifecycle harddrive overwrite

  • Check what you have got? How valuable/sensitive is it?
  • Who's in charge?
  • Security measures
  • Organisational measures
  • Staff
  • Physical security
  • Computer security
  • Have an exit strategy!

Data controller and processor relationship

Data Controller (End User) ico logo

  • decides what to do with the data
  • is ultimately responsible if something goes wrong with the data
  • must ensure compliance with the Act
  • have a written contract in place

Processor (Third Party Contractor)

  • acts on instructions from the data controller
  • is not subject to sanctions by the DPA

Lessons learnt

  • Don't think that your responsibilities end at the back door odd web
  • Choose contractors carefully and make sure that they follow your instructions
  • Always have a written contract in place
  • If you are selling your hardware on make sure personal data is removed

In addition to Principle 7 Data Controllers should also be mindful of Principle 5, stock piling data devices intended for destruction could result in a breach against Principle 5. 

Data Protection Act – Schedule 1, Part 1, Principle 5

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Find Out More

Come and Meet The Regulators - March 14th 2013 - Ricoh Arena, Coventry

This seminar is FREE for Persons involved / responsible for disposing of redundant IT Equipment  Find Out More!

Onsite Data is a member of Advanced Digital Dynamics Group, committed to helping you Protect your Data and therefore Protect your Reputation.

Onsite Inventory

  • Full Asset Reconciliation
  • Hard Drive Inspection
  • Asset Sign Over
  • End to End Traceability
  • Unique Identifiers
  • Full Certification
  • Secure Asset Management

Onsite Data Destruction

  • Desktops, Laptops
  • Servers, Data Centres
  • Optical Media, CD's DVD's
  • Portable Media, USB's, HDD's
  • Photocopiers, Printers, Fax's
  • Mobile Phones, PED's, PDA's
  • Medical Devices

WEEE IT Disposal

  • Computers, Servers
  • Networking Equipment
  • CRT & TFT Monitors
  • Keyboards, Mice
  • Photocopiers, Printers, Fax's
  • Mobile Devices, Phones, PDA's
  • All types of WEEE