Information Security: Laws Require Secure Disposal of Information in All Forms; Using BS 8470:2006 for Compliance

Many information security incidents have occurred through non-technical means by simply and thoughtlessly throwing away printed documents into publicly-accessible trash bins, or even putting computers and sensitive documents out on the streets. I have blogged about this several times, such as here, here, and here.


The U.S. has the FACTA Disposal Rule plus other laws that include requirements for safeguards for proper disposal. But such rules are also found, and are emerging, in other countries.
For example, the United Kingdom (U.K.) has the Data Protection Act that includes, among other safeguards, that confidential information be securely disposed of. The new British Standard for the secure destruction of confidential material, BS 8470:2006, applies to confidential information in all its forms and supports compliance with the Data Protection Act. It requires companies to dispose of confidential information by shredding or disintegration. Confidential materials include such things as paper records, computer hard drives, CDs/DVDs and even company uniforms.
If you want to outsource your sensitive information disposal, look for information destruction vendors that are validated to be BS 8470 compliant. This will confirm that they are transporting, storing and destroying all types and forms of sensitive information according to the requirements of the Data Protection Act and other laws with disposal requirements.

Tags: , , , , , , , , , , , ,

Leave a Reply