ITEC is one of the leading technology providers to education organisations in the UK.
A lesson on fighting fraud in schools
The term ‘information destruction’ (ID) may sound dramatic and imposing, but in fact it is one of the easiest safety measures for schools to implement. Indeed, with the help of a trusted information destruction company, schools can effectively protect private and confidential information from falling into fraudsters’ or criminals’ hands.
Information destruction has become an increasingly important issue. Alongside technical advancements, fraudsters are finding it progressively easy to access information, steal it and put it to malicious use. Many corporations have ‘copped-on’ to the risk of confidential information going astray or being stolen, however the education sector has been slower to recognise the huge financial and reputational risks involved and the need to put appropriate safeguards in place – i.e. secure data management and destruction systems.
In 2012 a BSIA survey of head teachers, deputy heads, teaching staff, bursars and administrators from nearly 100 schools across the UK proved somewhat concerning; attitudes to sensitive disposal appeared to be somewhat negligent. One third of respondents reported that they had not received training or guidance regarding data protection issues, while 79 per cent also felt that the threat posed by lost or inadequately disposed of data had either increased or stayed the same over the previous year.
Even more shocking – only 34 per cent confirmed that they used a professional ID company. The remaining 66 per cent either did not use one or were unsure of whether they did. So what are the key lessons educational institutions should be aware of?
Don’t ignore data protection
Non-secure disposal of data can lead to the long-term damage of a school’s reputation. Such behaviour appears careless and disorganised to the public. Indeed, since the Data Protection Act of 1998 (which aims to balance the rights of the individuals and organisations who are legitimately holding and using their information) proficient ID procedures have become much more strictly regulated. In 2010 the Information Commissioner’s Office (ICO) was given additional enforcement powers, enabling them to issue penalty fines of up to £500,000 in the case of a data breach.
The term ‘information’ covers an array of things; from paper to credit cards, SIM cards, media equipment, CDs, DVDs, hard disks, and hard drives.
Know the required standards
Once they have served their purpose, all confidential materials should be destroyed (either on-site or off-site) to the extent that they may never be reconstructed. ID companies should provide the customer (in this case a school) with a full audit trail, including a certification of destruction.
A key European standard for ID (EN15713) details the range of requirements that an ID company must meet: they must have an administration office on-site where records and documentation are kept; premises should also be isolated from any other business or activities operating on the same site; intruder alarms that are closely monitored by an Alarm Receiving Centre (ARC) should be installed on the property; and CCTV should be placed at the points where the unloading, storage and processing of information is conducted. The vehicles that transport the information due to be destroyed should also be fully secure.
There is also a British standard (BS 8470) that ID companies should comply with. According to BS 8470 ID companies must identify product specific shredding sizes, guaranteeing that the information is destroyed to the point of irreparability. BSIA ID companies are inspected to both of these standards, amongst many other important principles, making them reliable service providers.
Source a reputable supplier
When it comes to school security, there is no room for complacency, particularly when it comes to sourcing a reliable ID provider. It is absolutely essential that decision makers are choosing a company that meets with the essential standards highlighted above.
Members of the BSIA’s Information Destruction Section all adhere to these standards and meet with rigorous membership criteria. Further, the ID section of the BSIA follows a specific code of ethics that solidifies the section’s dedication to providing the best service for their customers.
Adam Chandler, Chairman of the BSIA’s Information Destruction Section, comments: “The commitment of BSIA members to best practice enables us to help our customers at a time when their businesses are most at risk from fraud.”
When it comes to ID there is no room for risk to schools, be it financial (in terms of fines) or reputational. To find out more about the ID section of the BSIA and their code of ethics, or to locate a trusted and professional ID service near you, visit the information destruction section on the BSIA website.