Simon Clayton: Take out the papers and the trash

Simon ClaytonReftechData protection
Stock-phone-new-resized.jpg

Simon Clayton, chief ideas officer at RefTech, on the importance of ensuring sensitive data is deleted completely.

 

We live in a busy world, and the transient nature of our industry can mean that we are quick to move on to our next event. But before moving on, it’s worth making sure that your policies and procedures include tying up some loose ends.

 

It can be tempting to keep registration data indefinitely because you never know when you may need it, but the more data you have stored, the more likely you are to be hacked – especially if it is spread out on multiple servers. If you keep data longer than you need it, you will also be in breach of data protection laws, so make sure you have a data deletion policy and that you stick to it.

 

When you do delete data, ensure it is done properly. Last month Blancco Technology Group purchased 200 second-hand hard disk drives from websites (including eBay) and found that two thirds (67 per cent) contained personally identifiable information and 11 per cent contained sensitive company information, including social security numbers, CVs, company emails, CRM records, spreadsheets containing sales projections and product inventories.

 

Two in five of the drives (36 per cent) did show evidence of an attempt to delete data (either by dragging files to the Recycle Bin or using the delete button) – but data can be easily recoverable so this information was still available to see by anyone who had just a smidgen of technical knowledge. Out of the 200 hard drives only 10 per cent had done the right thing and had a secure data erasure method performed on them.

 

To avoid this scenario, use a professional data processing company and ask them to confirm in writing that your data has either been deleted or ’put beyond use’. Deletion must mean that the data genuinely no longer exists. It should not have been dragged to the trash, remain visible behind a URL, or reside on cloud storage as part of the organisers’ archive.

 

The concept of data being put beyond use covers situations where, for example, data on physical media has been deleted and overwritten with new data, or paper files are in a secure warehouse awaiting shredding. Put beyond use means no one outside the data controller has access to the data, and no one, including the data controller, is actually processing it. If a data processor failed to delete your data as promised, having written evidence that you believed in good faith that your data had been deleted or put beyond use would afford you some protection.

 

Back ups are another issue to think about. Most companies back up their data – so even if data has been deleted, it may still be available via the company’s back up system. Data theft from backups is almost always the result of preventable human error. In 2007, HMRC famously lost two CD-ROMs containing the backup data of all UK families claiming child benefit.

 

The records contained information on an estimated 25 million individuals - nearly half of the UK’s population. The CDs were sent through HMRC’s internal courier service without proper encryption and using only easily broken password protection. While the CDs were never located and the data apparently never compromised, the damage was done. Every family in the UK had to be put on fraud alert.

 

HMRC’s internal data protection manual, at the time of the 2007 data breach, was restricted to civil servants; the junior staff who, as in any organisation, did the actual grunt work had only been given slogans about respecting confidentiality.

 

So have a data deletion policy and ensure that all of your events staff, including zero-hours contractors and volunteers, have training on your data protection procedures.

 

For more information and advice on data protection within the events industry, download our free white paper:

 

www.eventreference.com/promo-www/datasafety/download.php

 

 

Simon Clayton
Posted by Simon Clayton
PopularComments
Twitter Facebook Google+ LinkedIn

Related Stories

Entry is open for EN30/30 2017!

Nominations for this year’s EN Thirty Under 30 are now open, as EN looks to recognise the most talented individuals involved in the exhibition industry aged under 30.

AEO and SISO launch Independent Organiser Network

The Association of Event Organisers (AEO) and the Society of Independent Show Organizers (SISO) have entered into a reciprocity agreement following a meeting between their members last month.

Future releases interim results

Group revenue is up for media platform Future plc, which has released its financial results for the six-month period ending 31 March 2017.

Others on EN

Show or tell?

Show or tell?

Roopi Woodall, marketing manager at the QEII Centre, asks if the art of conversation on social media is dead – and how to engage with audiences if that’s the case.
You get what you ask for

You get what you ask for

Sue Berry, managing director at TimelessTime Ltd, discusses the importance of people metrics and measurable objectives.
The Anti Cyber Attack Checklist

The Anti Cyber Attack Checklist

Following the global cyber attack on 12 May, event tech supplier RefTech has compiled a checklist for individuals and companies to follow to help them reduce the risk of future attacks.

EN Awards Highlights

silverstream.tv

Most Read Stories

Fit for the 21st century

Fit for the 21st century

Andrew Harrison, ESSA director, says we should always fight to bring talent into the industry and encourage an appetite for success.
I'm a believer

I'm a believer

Sam Cande, group commercial director at Centaur Media, says no secret sales technique can compete with belief in a product.
Lourda Derry: Making the connection

Lourda Derry: Making the connection

Lourda Derry, director of Easyfairs UK addresses the science behind operations and the profile of our audiences.

Latest News

Entry is open for EN30/30 2017!

Entry is open for EN30/30 2017!

Nominations for this year’s EN Thirty Under 30 are now open, as EN looks to recognise the most talented individuals involved in the exhibition industry aged under 30.
GES to tackle charity bike race

GES to tackle charity bike race

Over the bank holiday weekend nine GES employees will be attempting to cycle the 350 miles from Amsterdam to Coventry in aid of the Help Harry Help Others charity.
Thorns secures Boat Show contract

Thorns secures Boat Show contract

Nationwide events and exhibitions hire contractor Thorns has secured a new three-year contract with Britain’s biggest boating festival, Southampton Boat Show.

Latest Features

Students: Pests or guests?

Students: Pests or guests?

It’s a question all organisers have to address – what should my show’s relationship with students look like?
Flying the nest

Flying the nest

Ever thought about going freelance? Do you have what it takes to go solo? Three event professionals tell EN their stories of building their own businesses.
Spreading the word

Spreading the word

With Global Exhibitions Day just a couple of months away, EN asks what three global exhibition associations are doing to celebrate this year.

Latest Galleries

drp's Interactive Expo

drp's Interactive Expo

drp worked with The British Army in Education to produce an interactive exhibition stand at the national Big Bang UK Young Scientists & Engineers Fair on 15-18 March 2017 at the NEC.
Grand Designs Live 2017

Grand Designs Live 2017

The 13th edition of Media 10’s Grand Designs Live returned to ExCeL London from 29 April to 7 May, featuring more than 500 exhibitors across six key sections. Grand Designs star Kevin McCloud one again hosted the nine-day exhibition.
Insomnia60

Insomnia60

Over 50,000 video game fans from across the country descended on Birmingham’s NEC on 14-17 April for Insomnia60, the UK’s largest gaming festival.