Paper Data Breaches - 40% of all Data Breaches!
Did you know that paper data breaches are just as important as other data breaches? Statistics indicate that 40% of data breaches will be paper based. Only 27% of companies surveyed reported policies for the safe security, storage and disposal of confidential personal information. Find out more in this article!
Did you know that paper data breaches are just as important as other data breaches?
The facts. The EU’s General Data Protection Regulation (GDPR) came into effect in May 2018, requiring organisations to apply sound security practices to all electronic and paper-based personal data with respect to its collection, storage, access and disposal.
Part of the requirement is to put plans in place for what should happen in the event of a breach.
Whilst electronic data security has been very important for many organisations for many years, the security of paper based personal data is often neglected or overlooked.
Statistics indicate that 40% of data breaches will be paper based.
In recent research by PwC, one quarter of employees admit to not shredding confidential information whilst two thirds of respondents said that managing the risks associated with paper records was a top concern for them.
Indeed, only 27% of companies surveyed reported policies for the safe security, storage and disposal of confidential personal information.
This puts organisations at risk of non-compliance and data subjects at risk of fraud and identity theft. Paperwork still accounts for many common security breaches. According to the UK’s data protection regulator, the Information Commissioner’s Office (ICO), 40% of the 598 data security incidents recorded between July and September 2016 were attributable to paper breaches.
Those paper data breaches are split into the following:
- Loss or theft of paperwork (14%)
- Paperwork posted or faxed to the wrong recipient (19%)
- Data left in an insecure location (4%)
- Insecure disposal of paper (3%)
In May 2018, non-compliance with the GDPR may result in fines of up to 20 million Euro or 4% of the company’s global turnover, whichever is the greatest. That’s a high price to pay for the lack of a suitable data compliance policy.
How to avoid paperwork data breaches:
- Introducing clear rules about the use of paper documents containing information about an identifiable person and their personal data
- Defining what is ‘personal’ - and then the process of storing & shredding of documents – based on the sensitivity of the data contained – is the first step towards compliance.
A good records management policy should take into account of all of the above to ensure the correct processes are followed for continued compliance and reduced risk.