Did your government or company collect your personal data during the 2020 Pandemic? Were you urged to sign-in a register or download an app to confirm your location presence, every time you visited a public space? A new research in the UK suggests that the information you provided could have compromised your data privacy.
A new research from DSA Connect, an IT asset disposal company which specialises in permanent deletion and destruction of electronic data, reveals that 15% of people who work for businesses such as pubs and restaurants that have had to capture personal contact details of customers and other people who have visited their premises during the COVID-19 crisis, believe this data is not stored in a secure way.
Only 17% said they think it is stored very securely, and a further 42% said its storage is secure enough.
The findings also reveal that only half of those interviewed said they were aware of restrictions around accessing this data, and which of their colleagues are permitted to do this.
Some 31% said they are aware of restrictions, but have not been informed on who can access the data, and even more alarming is the fact that 16% said they are not aware of any restrictions, or don’t believe there are any.
Legally, the data collected needs to be deleted within 21 days of collecting it, but only 22% of those people interviewed who work for employers that collect this information are ‘very confident’ this happens.
In addition to this, the data must not be used for marketing purposes but only 48% of those interviewed say they are ‘very confident’ this does not happen.
Some 11% said they were not confident the data would not be used for this purpose.
Harry Benham, Chairman of DSA Connect said: “These findings are alarming and there have been some high profile cases where people claim that data collected by shops and retailers they have visited for example, have misused this information.
“Employers also need to make sure they have deleted the data held correctly because if they don’t they could face fines. Legislation around how personal data is stored and used in the UK has never been more robust.”
DSA Connect provides a secure IT asset disposal service utilising a methodology created in partnership with the Ministry of Defence.
Its IT end-of-life service allows for the complete removal and data eradication from IT equipment and electronic devices by using tools certified by CESG and approved by the UK National Cyber Security Centre (NCSC).
Also, depending on the quantity and type of equipment for disposal, DSA Connect offers a rebate of up to 60% on all re-saleable assets.
The company was established in 2011 to partner the Ministry of Defence in developing the MoD’s asset disposal service.
The specific services that can secure citizen data are as follows:
Uplift of Equipment
All IT equipment and data storage media should be removed from client premises in locked containers and transported to a secure facility in unmarked, tracked vehicles. All personnel carry ID cards and senior site personnel should have BS7858 security screening. Equipment should be stored and processed in secure facilities that are equipped with access control system, intruder alarm system and CCTV. All devices containing data should be quarantined and placed in a separate secure area that is used for data eradication only.
Data Erasure & Data Destruction
All electronic data should be destroyed using techniques approved by the UK National Cyber Security Centre (NCSC), as follows:
Sensitive data should be permanently erased from servers, laptops, desktops, hard drives, solid-state drives and smartphones by using specialist data sanitisation software. These include:
- Blancco Drive Eraser 6
- Certus Erasure
- White Canyon Wipe Drive
The total data destruction of hard drives, data tapes and other data bearing devices, should be achieved by. We at DSA Connect offer:
- Degaussing – Our Ontrack® Eraser Degausser destroys 100% of data with a powerful 18,000 gauss magnetic field rendering the devices completely inoperable. Ontrack® is the ideal solution for large volumes or end-of-life magnetic media and, as it is a mobile unit, degaussing can take place on-site.
- Shredding – All devices that have been degaussed and are thereby inoperable and all data obliterated, are then shredded in an industrial shredder
- Disintegrating – Devices are disintegrated using a granulator when there is a requirement for devices and media to be reduced to a particle size no greater than 6mm. This method is particularly effective in the destruction of SSDs whose technical complexity renders many data destruction techniques ineffective for this type of media. The disintegrator is used for all flash media types and this solution offers high levels of safety, including the H-5 level compliant with DIN 66399.
All equipment that has residual value can be re-marketed and sold. The client receives a report of all sales activity (which is cross-referenced against the client’s original asset number, if available) with up to 60% of the net sales price offered as a rebate.
For equipment unsuitable for refurbishment and/or re-sale, a manual dismantling process should be undertaken, and sub-assemblies and materials are then segregated for recycling.
- Only one in five people who work for businesses that are collecting data on customers during the COVID-19 crisis are ‘very confident’ it’s deleted after the required 21 days.
- Just 17% think that the data is held in a very secure way
- Only 48% are confident that customer data collected during the crisis will not be used for marketing purposes
(Edited for Startupanz.com)