With the National Health Service (NHS) hitting the headlines more than once of late for non-compliance with the Data Protection Act, now is a particularly relevant time to explore the many solutions open to healthcare professionals wanting to enhance data security.
Earlier this year, the Information Commissioner’s Office (ICO) handed down its first ever fine – totalling GB pound 70,000 – to the NHS following the mishandling of confidential information. This represented a major step change in terms of the way in which enforcement of data regulation is now affecting companies across the health sector.
More recently, as reported on Info4Security.com, Brighton and Sussex University Hospitals NHS Trust became the recipient of the ICO’s largest fine to date (weighing in at GB pound 325,000).
Continuous reports of data breaches – as well as an increase in public concern over the way sensitive information is held by organisations – have contributed to tougher regulations and requirements being placed on companies across the sector.
Although the consequences of failures in data security are known to all, it’s concerning to witness how so many organisations are still unaware of how to handle their sensitive information (and, more importantly perhaps, who they should select to ensure its adequate destruction).
Framework for consistency
Earlier in the year, a new framework to ensure consistency throughout all EU Member States was unveiled by European justice commissioner Viviane Reding. The framework, which applies to all 27 European Member States, requires all organisations to report data breaches within 24 hours and to employ a Data Protection Officer for any operation employing 250 or more members of staff. It also warns that businesses may be fined up to 2% of turnover for a proven data breach.
Critics of the framework have questioned some of its constituent elements, including the strict 24-hour cut-off time for data breach notifications.
The reality is that these changes are asking companies to make an even bigger commitment to their confidential data handling processes, and forcing them to take responsibility for any shortfalls in their security strategies.
Anthony Pearlgood, recently re-elected as chairman of the BSIA’s Information Destruction Section, elaborated: “Despite the widely reported risks of data breaches and identity fraud and increased pressure by regulators, research undertaken last year by the BSIA underlined the fact that there remain serious gaps in how data disposal is handled by public and private sector organisations alike across the UK. One worrying statistic is that one third of organisations questioned are still relying on standard municipal waste disposal to deal with even the most sensitive of their information destruction needs. This is extremely concerning given the dangers that entails.”
Significantly, the same piece of research showed that nearly 19% of organisations questioned had been the victim of serious data fraud.
Where such data breaches occurred it was noted by the respondents that half of these involved paper-based scenarios while the rest were related to computer hard drives. A clear demonstration that, even in a world where cyber threats are continuously increasing, paying attention to the way physical materials such as paper, storage devices and branded goods are destroyed is still very much a crucial aspect of security.
Observation of European Standard EN15713
The message is clear: any company bidding for information destruction work should, as a prerequisite, be able to provide conclusive proof that they adhere to a strict code of ethics and satisfy the provisions laid out in the pivotal European Standard EN15713. The standard provides information destruction companies with recommendations for the management and control, collection, transportation and destruction of confidential materials and the recycling process in order to ensure such material is disposed of securely and safely.
As well as helping to ensure the highest standards, EN15713:2009 also provides a valuable benchmark to assist users in choosing their service provider. This is particularly essential in a sector like the NHS where the sensitive nature of the documents and materials dealt with – including patient records ranging from demographic data such as age, occupation and race through to addresses and contact details, health condition and financial details – requires the tightest of procedures to ensure maximum security for the information held.
Pearlgood explained: “Unfortunately, organisations in the health sector often fail to understand the implications, scope and importance of the standard as such documents can be technical in nature. As revealed by our research, only 50% of facilities managers who have taken steps to outsource data disposal functions know whether their provider actually complies with EN15713. This is deeply concerning, as the BSIA believes it should be the first question asked of any secure waste disposal business by a prospective customer.”
The BSIA’s Information Destruction Section played an active part in the development of EN15713. Again, earlier this year, to help users realise the standard’s importance the Association launched a one-page, easy-to-understand informational leaflet outlining key points of consideration. This publication may be downloaded from the BSIA’s Information Destruction Guidance webpage: search for Form 204.
All BSIA Information Destruction Section members are inspected to the European standard as part of the audit procedure for their obligatory ISO 9001:2008 quality accreditation. This means that they’ll be independently audited to ensure they continue to comply with the requirements as laid down within the standard.
Moreover, all members adhere to the ID Section’s Code of Practice, and are committed to educating the sector and its customers on all issues relating to the way in which sensitive material should be handled. With plenty of experience in the industry, those BSIA members should be the health sector organisations’ first port of call for any information destruction requirements/information.
- For more details about the work of the BSIA’s ID Section and how it strives to raise standards within the industry, or to find a registered service provider near you, visit the BSIA’s official website
‘Inspirational’ London 2012 careers initiative recognised by national award
The Bridging The Gap project, a London 2012-inspired careers initiative originally developed by the BSIA, has been recognised at the prestigious Podium Awards where it was named this year’s most ‘Inspirational Skills Project’.
Inspired by the demanding security personnel requirements for this year’s Olympic and Paralympic Games, Bridging The Gap also aims to address the ongoing skills shortages across the security sector. The project is now being delivered at more than 90 further education colleges and a range of higher education institutions across the country. It provides students with specialist qualifications to work as part of a highly trained and motivated workforce in helping to support venue security operations at the Games.
Bridging The Gap is also supported by the London Organising Committee of the Olympic and Paralympic Games (LOCOG), the Home Office, the Security Industry Authority and Skills for Security. Indeed, LOCOG has so far invested more than GB pound 1 million in Bridging The Gap to assist young people in learning new skills and gaining on-the-job training, which ultimately leads to a job at the Games.
The Podium Awards celebrate the contribution of colleges and universities to London 2012, and the Bridging The Gap scheme won the award for Inspirational Skills Project due to its significant impact on young people in terms of work experience, confidence-building and pay, with over 11,000 students now having completed (or who are currently undertaking) stewarding qualifications.
David Evans, the BSIA’s project director for 2012 and one of the original founders of the project, commented: “BSIA members have supported Bridging The Gap since its inception by providing students with opportunities to train and gain experience in their field. To see it being recognised by the education sector is hugely encouraging for our industry. We’re planning to introduce a new supply line of talented young people from colleges to industry across the UK as part of this summer’s legacy.”
Looking beyond London 2012, the project’s stakeholders are working together on a legacy initiative that will continue to bring many new recruits into the security sector long after the Olympic and Paralympic Games have come to a close.
For more information on Bridging The Gap click here
The Big Issue: BSIA confirms Baroness Newlove as Guest of Honour for 2012 Annual Luncheon
The BSIA’s Annual General Meeting and Annual Luncheon will take place at the London Hilton Hotel, Park Lane on Wednesday 27 June. The 2012 event is an ideal opportunity for the Association’s members to gather with industry peers and celebrate the successes of the past twelve months. Their customers are also welcome to attend.
This year, the Guest of Honour is Baroness Helen Newlove, the Government’s Champion for Active Safer Communities, whose 2011 report entitled: ‘Our Vision for Safe and Active Communities’ called for a change of culture so neighbourhoods no longer see crime, anti-social behaviour and disorder as ‘someone else’s problem’.
Baroness Newlove is a community campaigner based in Warrington who, since the violent death of her husband Garry in 2007, has worked tirelessly to make her local area a safer place to live. Through campaign work, Baroness Newlove aims to provide opportunities for all members of the community, and to bridge the gap between generations.
At the BSIA event, Baroness Newlove will give a keynote speech and also present the Security Personnel Awards 2012, the Apprentice Installer Awards 2012 and Special Awards for Outstanding Service in the Cash-and-Valuables-in-Transit sector.
Incoming BSIA chairman Geoff Zeidler – managing director at Securitas for the UK and Ireland – will also address guests in his inaugural speech, and will present his first BSIA Chairman’s Awards to recognise those individuals who have made a particularly impactful contribution to the security world (in the arenas of standards development, exporting and community safety).
Of course, the annual Infologue.com/Info4Security.com Building The Future Award will also be presented by leading industry commentators Bobby Logue and Brian Sims.
Taking place immediately prior to the Annual Luncheon, the Association’s Annual General Meeting allows members to hear directly from the current chairman Julie Kenny CBE DL and BSIA president Sir Keith Povey, who’ll be providing essential updates on the BSIA’s activities and finances.
- Places are available to attend the AGM but for BSIA members only. The deadline for bookings (Friday 22 June) is fast approaching. To book your place or for further information contact the BSIA’s events manager, Christine Brooks, on (telephone) 0845 389 0743 or by e-mail at: c.brooks@bsia.co.uk
Amanda Beesley is PR and marketing communications manager at the British Security Industry Association