Threats to Your Physical Data Destruction Process

Mark Harper of HSM, discusses how the media focus on cyber-attacks and digital data breaches means we are in danger of neglecting our physical information security. Mark highlights the potential risks to paper-based security and how to negate them.

In today’s data-driven environments, data compliance and security should be at the heart of any business.

With the GDPR driving changes back in May 2018, it seemed as though emphasis rightly focused on confidential data as a whole, no matter its source. However, in the past 12 months we’ve seen larger organisations (such as Google and Facebook) placed under the microscope with the threat of large fines as a result of digital data misconduct. With this in mind, we’re now in danger of our focus slipping when it comes to paper documentation and its safe disposal. So, has the pendulum swung too far?

Neglect at your own risk

July has again been riddled with media coverage showcasing digital data breaches as the Information Commissioner’s Office (ICO) threatens to fine top brands almost £300m. British Airways is subject to the largest yet under the new rules, after the ICO are set to fine £183m after the personal data of 500,000 BA customers was stolen from their website and app.

In 2016, the ICO revealed that some 40% of data security incidents related to loss or theft of paper – and this figure rose again the following year. It’s fair to say that, in terms of media emphasis, these figures unfortunately aren’t represented. Yet, UK businesses simply can’t afford to neglect paper-based documentation. Stringent consideration into how and where physical documents are disposed of is essential as there are a number of risks associated with their collection, transportation and destruction.

 

MinCutting-roller

So, with this in mind, how can we mitigate physical data breaches?

Protection at the source

The Centre for the Protection of National Infrastructure (CPNI) highlights the potential threats to the physical data destruction process, including:

  • Accidental loss
  • Emergency abandonment
  • Espionage
  • Hijack or vehicle theft
  • Insider attack
  • Theft

While these threats have the potential to occur at any point, there is evidently less control when paper leaves a building.

There have been numerous incidents when highly confidential documents have been left behind. This year in particular has been subject to some potentially serious blunders. In early July, top secret documents containing detailed security arrangements relating to the Porton Down military research facility were discovered in a London bin. Earlier this year, boxes of intimate patient records and financial data were discovered by the BBC in an abandoned nursing home. Negligence towards physical document destruction could cost UK businesses thousands, if not millions.

Organisations are right to invest in encryption, antivirus programmes and other security measures so that digital data remains as secure as possible, but it should not be done at the expense of implementing sensible and proportionate security measures for paper documentation.

External data destruction solutions, such as off-site shredding, are often employed for convenience, but rarely is the true security of these services understood or investigated. Yet, control is lost as soon as documents leave a building to be destroyed. Off-site shredding may seem convenient, but it opens up a higher possibility of potential risks to documents as soon as they leave the premises, including theft, loss and espionage. Not to mention that these solutions are typically more expensive over time.

Document security is best left in-house. Best practice, when disposing of paper, is to destroy documents at the source, rendering them secure at the time of shredding. It’s about maintaining control of what can be a sensitive process. Not only does in-house shredding neutralise the risks associated with off-site transportation, there is also more control to ensure that destruction is carried out to an appropriately secure size. And, yes, particle size is important: a P-1 high volume shredder (typically found in off-site shredding trucks) will produce strips at least 10 times larger than a standard P-4 cross-cut office shredder for example. So, why leave paper document security to chance?

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Andy Barratt

Attention! Why ex-services personnel should be at the front line of cybersecurity

Andy Barratt, UK managing director at cybersecurity consultancy Coalfire, looks at the potential for ex-servicemen and women to bridge the skills gap
Andy Barratt

Attention! Why ex-services personnel should be at the front line of cybersecurity

Andy Barratt, UK managing director at cybersecurity consultancy Coalfire, looks at the potential for ex-servicemen and women to bridge the skills gap
Mark Haper

Threats to Your Physical Data Destruction Process

Mark Harper of HSM, discusses how the media focus on cyber-attacks and digital data breaches means we are in danger of neglecting our physical information security.

Threats to Your Physical Data Destruction Process

Mark Harper of HSM, discusses how the media focus on cyber-attacks and digital data breaches means to our physical security
Mark Haper

Are GDPR standards slipping one year on?

On May 25, the new GDPR standards were set, sending many organisations into a frenzy to ensure they were dealing with sensitive data in the correct way

Are GDPR standards slipping one year on?

On May 25 2019 the new GDPR standards were set, sending many organisations into a frenzy to ensure they were dealing with sensitive data correctly
Axis intersec

Join Axis at Intersec 2019 and experience secure intelligent solutions

In 2018 we invited you to join us at Intersec. This year, we add another growing segment to the list – Smart Cities. So, what is new?
GRC International Group

GRC International Group brings clarity to GDPR breach reporting with the launch of GRCI Law

GRC International Group has launched GRCI Law – a new arm of the organisation designed to support organisations in all aspects of GDPR compliance.

GRC International Group brings clarity to GDPR breach reporting with the launch of GRCI Law

GRC International Group has launched GRCI Law – a new arm of the organisation designed to support organisations in all aspects of GDPR compliance.

GDPR compliance demystified with new online self-service tool

Information security specialists, Shred-it, has announced the release of a new online self-service tool designed to help businesses achieve General Data Protection Regulation (GDPR) compliance.
Scroll to Top