New research carried out on behalf of the Information Destruction (ID) Section of the British Security Industry Association (BSIA) highlights the worrying approach that schools are taking to sensitive data disposal, exposing gaps in provision that could potentially leave educational establishments open to problematic data breaches and identity fraud.
There is certainly no room for complacency, as 79% of those surveyed said that the threat posed by lost or inadequately disposed of data had either increased or stayed the same over the past 12 months. In addition, 34% of school staff reported that they did not receive training or guidance regarding data protection issues.
The research surveyed the experiences of head teachers, deputy heads, teaching staff, bursars and administrators from nearly 100 schools across the UK, and revealed that their biggest concern was – perhaps not surprisingly – student records at 79%. Some way behind this was financial data at 11.5%, whilst staff details were selected by 5.2% of those who replied.
A concerning fact thrown up by the research is, crucially, that only 34% of schools confirmed that they were using a professional company to oversee the destruction of their confidential data, which means that 66% either were not or did not know. For those who were using a professional provider, just over half knew if this sensitive task was being undertaken by an operator that met the key European standard in this area – EN15713.
Looking at what material was most challenging for schools to dispose of, the survey results were nearly equally split between paper on 47% and data processing related media – CDs, DVDs and memory sticks – on 46%, showing that traditional materials like paper still account for a significant proportion of schools’ data disposal requirements.
The survey also aimed to identify where responsibility lay within schools for ensuring compliance with information destruction requirements such as the Data Protection Act. For this, head teachers held a substantial lead at 57%, more than everyone else combined. Bursars also were prominent, being highlighted as the key figure in 9.4% of cases.
Said Anthony Pearlgood, Chairman, BSIA ID Section: “The results of this survey serve to underline the fact that educational establishments need to place a renewed focus on how they deal with information destruction. Given the repercussions when things go wrong it is imperative that this process is handled in a professional manner and, where it is being outsourced, that searching questions are asked to ensure that any provider is actually working to the pivotal EN15713 standard.
“In addition to the findings from the school-focused survey, we also conducted parallel research to find out what members of the BSIA’s ID Section where seeing on the ground in their dealings with a wide range of education providers in this security-critical area. The education sector is certainly a key market for our members with 87% confirming that they have supplied services to this area over the past year. Of these, 71% said they had seen their business increase or stay the same in this time. Where there was an increase, this was attributed by members to a greater awareness of the risk of data breaches.
“Our members also said that the key decision makers in schools on this issue were the head teacher and bursar, paralleling our separate school survey. With the sector survey we also wanted to find out how education customers had been handling information destruction prior to using a BSIA member. Interestingly our members reported that in their experience 43% of cases involved local authority or general waste for disposal – far from ideal – and, worryingly, only 14.3% of educational establishments were actually relying on a provider of a similar quality level to a BSIA member company. Again, these findings are in line with the school specific survey.”
Watch the video of Anthony Pearlgood talking about the research findings below…[youtube width=”425″ height=”239″]http://youtu.be/zqoc0ACRydQ[/youtube]
For more information on secure data destruction and best practice please visit: http://www.bsia.co.uk/shredding