How the Data Protection Directives Affect Information Destruction

The European Union, as well as each of its member countries, have adopted clear laws regarding how personal information is collected, stored, processed and protected. These are collectively known as the Data Protection Directives (DPD). Among the many requirements of the DPD, the responsibility to prevent unauthorised access to personal information is among the most important and most severely enforced.

Here are some of the universal DPD requirements that impact how all organisations disposes of information:

1. All organisations are required to prevent unauthorized access to personal information at all time, including when it is discarded where it is especially vulnerable. Most certainly, casually discarding personal information would not be considered a reasonable method to fulfill this requirement and, therefore, in and of itself constitutes a violation.


2. It is required that any third-party contractor or company which is hired to handle personal information is bound by contract to comply with all of the DPD requirements. This means that any company which will take possession of such personal information when it is discarded, including rubbish haulers and recyclers must be bound by such a contract. There is no reasonable expectation that any rubbish hauler or recycler can in good faith ensure their compliance with regulations of which they are incapable of properly implementing. Therefore, when outsourcing the removal of paper, film or electronic equipment it is important to use a company specializing in secure information destruction.


3. Every organisation covered by the various DPD is obliged to assign the responsibility for compliance to an officer of the firm. This individual is legally responsible for the organisations compliance to the DPD requirements and could suffer if extreme negligence or disregard is demonstrated in such compliance.