Data security in the world of e-commerce – where does shredding come in?
In UNTHA UK’s online poll for October, we concentrated on the popular topic of data security. But rather than focusing on the subject of workplace records or the Data Protection Act itself, we drilled down into the public’s perception of e-commerce security risks.
The question asked ‘When shopping online, are you concerned about data security?’ A staggering 82% said yes.
These results are perhaps unsurprising. The media seems to have been dominated by stories of data breaches in recent times. British Gas and Talk Talk are just two of the brands to have suffered data blows in the past few weeks alone. More specifically in the retail sector, The Telegraph₁ reported that Marks & Spencer had to temporarily suspend its website following complaints that some visitors could see other customers’ details when they logged in to their own account. And a few months ago, in May 2015, we read that the beloved Bettys had also been struck by a cyber attack₂.
We don’t want to paint an incredibly negative picture of course. When thinking about the millions of online transactions that occur every year – without a single flaw – passwords, dates of birth, addresses and card details etc, are in fact proven to be relatively safe. But why is the subject of online shopping of such interest to an industrial shredding business?
Because the e-commerce process doesn’t just involve customers filling their details in to an online form when they purchase an item from a website. Of course this is the first thing that springs to mind when someone is questioned about their data concerns, largely because of the media reports we’ve mentioned above. But we have to consider the entire retail process and the other instances when a customer’s details may be used.
Once the order is placed online, a shopper’s details will hopefully be encrypted and submitted via secure channels, so that the retailer can process the items required for collection or delivery. Some of the data may be stored in a secure database, to enable the retailer to continually communicate with the customer, long after this particular purchase is complete. So far, all of the data is stored electronically.
However another potential problem arises when it comes to the delivery of the goods. At this point, the customer’s details are printed onto a packaging label, to ensure the products arrive at the correct destination. Once opened, this packaging is usually innocently discarded of in the household bin (hopefully the recycling one!) Very few households will shred that packaging and accompanying paperwork to destroy their data, which is something that we encourage you to do.
However that’s not all. If the products are damaged, unsuitable or no longer required, they are often returned to the retailer in the mail, usually using helpful pre-prepared returns labels and paperwork. But a large amount of customer data can be included on such material. So, when the returned goods are received, the retailer must take complete responsibility for the secure handling and destruction of this information, under the Data Protection Act.
Last year we secured a brilliant contract to help a national high street fashion and homeware brand with this exact type of project. The client acknowledged the obligation to protect customers’ personal details, and our four shaft RS40 shredder swung into action to fulfil (and in fact exceed) their DIN level 3 requirements. Handling up to 12 tonnes of material a week, the RS40 now ensures the secure destruction of the retailer’s plastic returns packaging and paper labels. The shredded material is then baled, wrapped and tied on site, before being sold as a recyclate commodity.
When it comes to data security, retailers should therefore ensure they think about the confidential waste shredding of printed materials, as well as the robustness of mechanisms to protect information held electronically. If you’d like to speak to a member of our confidential waste shredding and secure product destruction team, please call 0845 450 5388, email firstname.lastname@example.org or complete our short enquiry form.