How the lack of one certificate could be disastrous for your finance business
Data security is vital for banks, building societies, financial advisers, insurance brokers, and insurers.
Customer trust is an important factor in the financial sector.
Once that trust is lost, it can be difficult for financial institutions to recover.
So, ensuring that confidential waste is properly destroyed is hugely important.
A case in Australia which is currently making the headlines proves the point.
The Commonwealth Bank had to admit it could not confirm the destruction of two magnetic backup tapes containing historical customer statements.
The tapes held the names, addresses, account numbers and transaction details of customers from 2000 to early 2016.
It is said the details came from almost 20 million accounts.
An investigation in 2016 found that it was likely the tapes had been disposed of, but this could not be confirmed. The tapes did not contain PINs or passwords.
The bank then put practices in place to ensure this could not happen again but did not inform customers at the time.
The bank said it had discussed the matter with the Office of the Australian Information Commissioner and that there was no evidence of suspicious activity regarding the accounts affected.
However, it has been criticised in a recent report by the banking regulator, the Australian Prudential Regulation Authority. The report said trust in the banking system had suffered a blow because of the case and other banking practices in the country.
Australia’s Attorney General Christian Porter also called the data breach “very disappointing” and of concern to his office, even though data breach reporting was not mandatory at the time.
Further investigations into what happened are now under way.
What’s the lesson here?
The important lesson is to ensure that any financial institution has an audit trail for the confidential waste items it destroys.
That way, it can prove items have been shredded securely and dealt with properly.
The Commonwealth Bank case happened before the implementation of the new General Data Protection Regulation (GDPR).
Under the new rules, having a certificate of destruction and transfer certificates is even more important because of the level of fines which can be imposed on organisations which fail to handle customer data securely.
The highest fines for the most serious cases would be 4% of worldwide turnover, or 20 million euros, whichever is the higher.
Why should your financial institution choose On Time Shred?
- We give you a certificate of destruction so that you can prove your item was destroyed correctly, along with waste transfer notes and numbers, and an audit trail
- We can destroy in excess of 10 tonnes of confidential waste every hour
- We can reduce items to a dust-sized particle
- We meet the shredding standards set by the Centre for the Protection of National Infrastructure (CPNI)
- Our employees are vetted
- Our vehicles have GPS tracking and our premises have 24-hour CCTV coverage. Access to them is tested regularly
- None of our waste goes to landfill