Document Scanning

ICO guidelines ‘do not go far enough to protect data’

One expert has noticed a gap in data protection when it comes to old devices being thrown away or recycled.

The Information Commissioner’s Office (ICO) recently published new guidelines designed to help businesses with data protection, but one expert has argued they do not go far enough.

Ken Garner from BlackBelt, a company that provides anti-theft solutions for mobile phones, said in an article for SC magazine that he was encouraged to see the 1998 Data Protection Act being reinterpreted by the ICO to reflect how mobile technologies are changing the workplace.

He said this is particularly timely given the explosion of the ‘bring your own device’ (BYOD) trend.

However, Mr Garner warned that businesses are not being advised to think about the entire lifespan of technology such as tablets and smartphones.

"Even if a business has a functioning BYOD policy to safeguard sensitive corporate and personally identifiable data while a device is in use, these efforts can be futile if that data is not systematically wiped when the handset is sent for disposal," he pointed out.

Indeed, with many consumer mobile phone contracts only lasting between 12 and 24 months, there is a vast potential for data to get into the wrong hands once mobiles are passed on to new users.

"Data processors must use data wiping solutions that are auditable and offer a certificate of data sanitisation in order to ensure BYOD schemes will benefit, not harm, their business," Mr Garner concluded.

Veracode senior security researcher Tyler Shields also told the magazine that apps should be secured even while employees are using them, as tablets do not even have to be stolen to be at risk now.

One solution could be to store sensitive data remotely rather than allowing employees to carry it around and take it home with them.

After all, there is not only the threat of theft, but also of people damaging things like memory sticks – a recent study by the University of Ohio and HP Labs found that even power failure to devices can corrupt some storage devices so badly that they become unusable.

Dajon Data Management offers document scanning facilities and cloud computing solutions that mean confidential data can be stored remotely, minimising or even eliminating all of these risks for employers.