Published by Public Service Magazine
Fraud costs the UK economy £30bn a year, of which 58% of fraud was in the public sector at a cost of £17bn – paid for through taxes and rising prices of goods and services.
Fraud, freedom of information and data security is in the focus of the media more than ever before so just how do public sector managers protect citizens' private information and their own reputation?
The answer is largely one of mindset. Public sector managers and their staff must understand their collective legal obligation to protect confidential data relating to themselves, their organisation and the private citizens they hold information about.
The rules governing this responsibility are clear, and governed on a UK basis. The Data Protection Act demands that confidential documents remain the responsibility of the organisation which created them right up until the moment they are destroyed. So handing confidential information to a third party does not absolve organisations from responsibility or provide protection from any possible fine levied by the Information Commissioner's Office.
Secondly, managers must remember that whatever their current arrangement s for ensuring the secure disposal of confidential information, it may be flawed. Any process is only as strong as its weakest link and should be constantly reviewed and adapted to reflect changes in the workplace environment.
A clear need also exists for public sector managers to clarify in their own minds the key differences between the recycling of documents containing confidential information with secure document destruction. These terms are not synonymous and employing them interchangeably only heightens the reputational risks associated with a confidential data breach.
While document destruction companies do ultimately send material for recycling this is very much a secondary activity. The first priority is to shred material beyond reconstruction. Security is the order of the day.
The solution to this entire challenge is a logical one. Managers must ensure all staff understand their legal obligations and are clear which information should be regarded as being confidential, and regularly review the security effectiveness of the document destruction process.
Implementation of a secure on site document destruction process usually holds the key. Documents, CD's and USB sticks should be placed in a secure console the moment they are no longer needed. And where a third party is responsible for destruction, this should be carried out on the premises.
When this is complete, managers should expect to immediately receive a Certificate of Destruction. This document provides crucial proof that materials have been destroyed and leaves organisations no longer responsible for the data they contain.
Shred-it, the leading mobile shredding company offers these services to over 5,000 organisations in the private and public sectors throughout Scotland.
Gillian Francis, Facilities Manager for Aberdeen Council says: "We have now been using Shred-it's secure console system for some time. Compared to other options available in the market place we are confident that it provides the most convenient and secure way of ensuring that all of our confidential documents are handled properly and securely destroyed. Not only that but once shredded all the paper is recycled".