Unacceptable Physical Security Must Be Corrected

The Information Commissioner’s Office (ICO) has found eleven banks and other financial institutions in breach of the Data Protection Act after investigating complaints concerning the disposal of customer information. They were all found to have discarded personal information in waste bins/receptacles outside their

This is clearly a widespread problem. The ICO points the finger at HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, Natwest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, Nationwide Building Society and The Post Office. It must be seen as a major wake-up call: the guilty parties are all respectable organizations with sizeable security budgets and functions, ones that are more likely to be leaders than laggards in security. If these companies can’t get it right, then it’s highly likely that your organization is also at fault. And there’s no excuse. It doesn’t require expensive technology, just a clear policy and firm enforcement.

It really is about time the UK Information Commissioner was seen to act, and act decisively. Companies like B4U drove a coach and horses through his enforcement notice with an "I am going to appeal, no I'm not" strategy that allowed them to keep the old electoral roll data up way past the 1 August enforcement date, and the UKIC pulled out of prosecuting them. Now we have a high(ish) profile thing that has appeared on Watchdog, and he gets an undertaking signed. Just how much more education do corporations need before enforcement and prosecution?

I could not agree more, David. And there's definitely no excuse anymore... The new British Standard BS 8470:2006 gives the most comprehensive overview of both internal, or outsourced, secure destruction operations.