Shred on Line is please to anounce that as from today it has gone live.
Shred on Line has 2 functions.
1 To provide a Hub between reputable shredding compnies so thay can pass on shredding jobs that are out of their area and not profitable for them to carry out themselves.
The Hub has appointed a reputable shredding company for each post code area in the UK. The job is passed on at an agreed price so the introducing shredding company knows in advance what the job will cost and what his profit will be. The Hub generates the shredder's invoice and deals with payment.
Payment is automated and the introducing shredding company pays for the shredding in 42 days and the shredder is paid in 49 days.
2 To offer competative shredding to business. The business pays for the shredding by DD 14 days after the invoice and the shredder is paid by BACS 7 days later.
Tags:
UK DATA PROTECTION FINES FIRST SIGN OF COMING CHANGES ACROSS REGION
Reported by the BBC
24 November 2010
The UK Data Protection Commissioner has issued the first two fines under a new penalty structure enacted nearly 8 months ago.
A £60,000 fine was levied against a private firm for losing a laptop computer containing the unencrypted personal details of thousands of individuals, while a public agency, the Hertfordshire County Council, was fined £100,000. Last March, the UK government increased the maximum fines for violations of the data protection directive to £500,000.
According to Geoff Parkinson Managing Director of Shredonline Limited “It is only a matter of time before such fines start to be the norm for improper disposal of information. It is gouing to cost companies and all other organisations ever increasing sums of money for not taking the destruction of confidential information seriously.
The article also cites a recent UK survey where four out of five people feel the need for a law which would force companies to publicly declare any data breaches.
NAID-Europe is preparing to respond to the European Commission’s (EC) recent request for public consultation on its ideas to ensure effective and comprehensive protection of personal data. Among the Commission’s promising ideas (as put forth in the seed document) that NAID-Europe will directly comment on are:
- Assessing the need to strengthen existing provisions on sanctions, for example, by explicitly including criminal sanctions in cases of serious data protection violations.
- Making the appointment of an independent Data Protection Officer mandatory and harmonising the rules related to their tasks and competencies, while reflecting on the appropriate threshold to avoid undue administrative burdens, particularly on small and micro-enterprises.
- Including in the legal framework an obligation for data controllers to carry out a data protection impact assessment in specific cases—for instance, when sensitive data is processed, or when the type of processing otherwise involves specific risks, in particular when using specific technologies, mechanisms or procedures.
- How to strengthen, clarify and harmonise the status and the powers of the national Data Protection Authorities in the new legal framework, including the full implementation of the concept of “complete independence”.
DELAY OF PROPOSED DATA PROTECTION DIRECTIVE NO REASON FOR DISAPPOINTMENT
The office of Viviane Reding, the EU Commissioner assigned to rewrite the EU Data Protection Directive has announced that they will not issue their proposed revision of the region’s fifteen-year-old Data Protection this in November as originally promised.
Instead, Europe’s most well-known consumer advocate says she will not issue a statement on the rewrite, taking a full year more to get it right.
The postponement comes in response from some of the continent’s most prominent data protection officials, urging the Commission to take more time developing the Directive.
NAID CEO Bob Johnson maintains that there is nothing to be disappointed by the delay. For one, Johnson says that it shows she is listening to the right people. “The same people asking her to take more time are the people asking for data breach notification, better enforcement powers, mandatory fines and written policies. This means that she is turning to the right people for advice.” Johnson goes on to say, “If we’ve learned one thing it is that the longer these things stay in the news, the better off we are. Lengthening the process just gives us longer to talk about it, longer for the media to focus on it, and increases the odds of a meaningful new regulation.”
As it stands, the proposed new version of the Data Protection Directive will not be issued until November of 2011, and will then be subject to a year or more of debate.
MEDICAL FILES STREWN OVER CAR PARK
Halesowen News
19th August 2010
Medical records belonging to a local pensioner and blank prescription pads were among the recently found confidential files strewn across a NHS car park, according to a report in Halesowens News on 19th August.
The article reports that the authorities are unsure about how it happened and are apologizing profusely.
According to EU justice commissioner Viviane Reding, "Having a watchdog with insufficient powers is like keeping your guard dog tied up in the basement," in reference to the UK Data Protection Directive’s perceived deficiencies. At the time she was giving the UK Ministry of Justice (MoJ) two months to bring those enforcement provisions into line with the intent of the EU Directive created in 1995.
As for the EU Commission, major issues include the inability of the Information Commissioner's Office (ICO) to investigate or randomly check companies or people who process data and the inability to enforce penalties on companies failing to properly protect data. The ICO also has no powers to investigate other countries' data protection practices.
The UK MoJ responded formally last week—on the deadline for responding—but is saying it would be inappropriate to comment during the negotiations with the Commission.
A new law in the United States requiring substantial fines for improper disposal will likely not go unnoticed by the EU Commission currently revising the Data Protection Directive (DPD), according to NAID CEO Bob Johnson – especially if NAID has anything to say about it.
“When the EU DPD was originally created, it put the region on the leading edge of privacy protection,” says Johnson. “However, in the 15 years since that time, other regions have recognized the critical need for stronger enforcement.” Johnson continues, “It is no surprise that data protection officials across the region are calling for reform of the DPD are primarily looking for stronger powers and enforcement in the next version.” (For more on this subject, see “EC DEMANDS UK DPA ENFORCEMENT”, below.)
NAID-Europe has already engaged in discussion with those responsible for revising the DPD, primarily the office of Ms Viviane Reding (Luxembourg), currently the EU Commission Vice President. A spokesperson for EU Commissioner Reding recently stated that, "Commissioner Reding envisages it as a bit more than simply 'an amendment'... It is rather an overhaul,” indicating that she sees the revision to be quite extensive.
“It is our job to make sure those working on the new DPD see that jurisdictions around the world have the same issue and are taking action,” says Johnson. “We’ll make sure of it.”
Johnson will provide an updated revision of the DPD that will examine the indications of what it will likely hold for the secure destruction industry at the upcoming NAID-Europe /PRISM Conference. In addition, he will brief members on the association’s ongoing strategy with the EU Commission, discuss the movement toward more data protection enforcement around the world, and review the results of the Consumer Attitudes Research Survey.
The UK’s Information Commissioner has called on businesses to put a value on personal information and invest in systems to protect it, or risk the legal or PR consequences.
The ICO released a report this week entitled “The Privacy Dividend” which the organisation says sets out a financial case for data protection.
“No organisation can neglect to protect people’s privacy. Not only is it the law, but there is also a hard-headed business imperative,” said Information Commissioner Christopher Graham. “This report provides organisations with the tools to produce a financial business case for data protection, ensuring privacy protection is hardwired into organisational culture and governance.”
According to the ICO, the report includes “practical tools” to help organisations prepare a business case for investing in privacy protection. These include “Calculation Sheets” to help companies assess the value of their personal information.
“Even though we have had data protection laws for 25 years, continuing privacy incidents, such as with well-publicised data losses, show that more still needs to be done to help ensure that personal information is properly protected,” said Graham. “Protection cannot be left to chance or be seen as doing only the bare minimum necessary to comply with the law; proper safeguards have to be built in from first principles, not bolted on inadequately as an afterthought.”
Last month a mortgage company was found in breach of the Data Protection Act by the ICO after accidentally emailing details of more than 15,000 customer accounts to a member of the public.
In January the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition. The ICO said that more than 800 data security breaches have been reported over the last two years. The ICO warns that companies that approach it voluntarily will still face some action, but those businesses which attempt to cover-up security incidents will be hit with much tougher penalties.
Get notified when a new post is published.