New ICO Guidelines on Data Deletion

The UK's Information Commissioner's Office has published new guidelines on how to delete information from computers, laptops and other electronic devices. Aimed at organisations selling or disposing of hardware, the guidelines stress the importance of properly deleting any personal information so that it cannot be accessed by anybody else either by mistake or for malicious purposes.

Personal data can be stored on any device with a permanent memory, including desktop and laptop computers, external hard drives, games consoles, mobile phones, tablets, faxes, printers, and removable memory such as that found in digital cameras. When deciding what to do, organisations need to consider the type of media the data is stored on and whether or not this is easily accessible.

The guidelines come as the UK regulator also announced the NHS has been fined for a serious breach of data protection. The Aneurin Bevan Health Board (ABHB) has been issued with a penalty of £70,000 after a sensitive report - containing explicit details relating to a patient’s health - was sent to the wrong person. The incident occurred in March last year.

Commenting on the breach, the ICO’s Head of Enforcement, Stephen Eckersley, reminded the health service that it “holds some of the most sensitive information available… it is therefore vital that organisations across this sector make sure that their data protection practices are adequate.” He also called on NHS organisations to stand up and take notice of this decision if they wish to avoid future enforcement action from the ICO.

The impact on the UK economy from identity crime is estimated to be £2.7 billion per annum and it is believed that identity crime affects 1.8 million people every year.