Happy National Old Stuff Day!
There seems to be a day for everything, and today Monday 2nd March 2020 is no different.
Today is National Old Stuff day, and although this doesn’t naturally correlate itself to the cyber world, it can serve as a timely reminder. Even from a cyber perspective, we need to remove old software and dispose of old data efficiently and securely using methods outlined by regulators.
Following the introduction of the General Data Protection Regulation (GDPR) in May 2018, there were more stringent rules implemented where it concerned the way data is compiled, stored and managed.
The Information Commissioner’s Office (ICO) and other regulators have come down hard on organisations who have failed in their data protection duties.
The regulations don’t just cover data which is stored electronically, it also covers physical copies of data, which could be included in legal files for example. The ICO set out their stall early regarding the importance of managing, storing and disposing of data.
They fined London-based pharmacy Doorstep Dispensaree Ltd £275,000 after they left approximately 500,000 documents which contained personal patient information around the back of the pharmacy in containers.
Under GDPR, clients can now ask firms to delete their data, if they feel the company no longer needs to hold it. They can also ask firms to delete data if the client feels the firm has used their data unlawfully. For example, passed it onto a third party without permission.
Article 5 (e) of GDPR states:
“personal data shall be kept for no longer than is necessary for the purposes for which it is being processed”
Disposing of ‘old’ personal data can throw up some challenges. If the information is paper based, disposing of it by shredding or burning is the most popular as it makes it extremely difficult for the information to fall into the wrong hands.
However, cyber assets can prove a little more difficult. Just deleting the file may not mean the asset has been completely erased. Files can stay in the ‘bin’ for some time before it is deleted. Sometimes, erased files can still be accessed for a period of time, in case of accidental deletion.
The ICO recommends you come up with an asset disposal strategy, so everyone in your organisation is aware of what they should do, should the need to dispose of digital assets. More information can be found here.
Having old software on our computers, not only takes up valuable space, it could result in our machines running slowly. It can also leave you vulnerable to cyber attacks, as the usually outdated software can leave your cyber door ajar for cyber criminals to sneak through.
Regularly updating your software, and removing the old can help to keep your computer healthcare in tip-top condition.
So, the link to National Old Stuff day, can seem weak. But it’s always good to be reminded about processes that we should be considering when it comes to protecting our cyber infrastructure regularly.
Although there are no regulations policing the removal of outdated software, the GDPR regulations are stringent when it comes to protecting personal data.
Over recent months, we’ve seen some high profile GDPR fines being issued, Dixons Carphone received a £500,000 fine, and the hotel chain Marriott International faced an intended fine of over £99m. The regulators are continuing to make examples of organisations who breach data protection and GDPR laws.
By tightening up the way you store data, could prevent you from falling foul of a data breach.