Legislation and Confidential Waste
The management of confidential waste and its disposal is covered by the same legislation as general waste. There is, however, an additional factor with businesses and organisations having a duty of care under the Data Protection Act 1998. That means that they have to dispose of the data so that it cannot be accessed by other parties who may come across the information.
General Waste Legislation
General waste management is governed by a number of EU directives and local UK legislation, the main ones being the Environmental Protection Act 1990 and the Waste (England and Wales) Regulations 2012. These state that you have to safely contain or store and then dispose of the waste that your business or organisation produces. This law not only applied to businesses and organisations who work out of an office, but those individuals who also work from home.
Data Protection Act 1998
If you operate a business or organisation that handles the personal data of individuals, then you have a duty of care to protect this. The relevant piece of law is the 7th Principal of the Data Protection Act 1998 which says that business and organisations must take all reasonable measures to prevent accidental loss, damage and destruction of personal data and to guard against the unlawful processing of that information.
That means disposing of items such as paper records and digital data in a safe and secure manner. This all needs to be treated within the category of confidential waste and organisations need to have a strategy in place for managing it. Failure to dispose of data properly can lead to prosecution and the possibility of large fines.
The options for doing this are either to handle the shredding/destruction of the data on site or to give responsibility for doing this to a company who will carry out the relevant stages for you. The consequences of confidential waste getting into the wrong hands can be catastrophic, not only for the individual whose data is used but also for the company who caused the loss in the first place.
Confidential data can include a wide variety of paperwork and digital information. This can include:
- Job applications and CVs
- Staff performance records
- Medical information
- Personal details such as National Insurance Numbers and bank details
- Employee contracts and communications
- Client information
- Invoices and payment schedules
- Legal documentation
- Client passwords and other sensitive information
- Company product development data
- Budget data and strategy documents
- Minutes of meetings
- Telephone messages and diary pages
In the space of a month, the average business will produce a large amount of what is generally considered confidential waste. All businesses and organisations have a duty of care to make sure that they comply with the Data Protection Act 1998 and put in the right policy in place and make sure that all staff are aware of their obligations.
The key to handling confidential waste disposal is making sure you have all the right processes in place within your office and ensure that you choose a collection and disposal service that is licensed to handle this kind of waste. The European standard for handling confidential waste is covered in certification such as BS EN15713 for security shredding which is the minimum you should be looking for when choosing a contractor.
The law requires commercial enterprises and businesses to have a clear audit trail for their waste with transfer notes that show the following details:
- What the waste is.
- Where it was collected from.
- How and where it was disposed of.
Find out more about types of confidential waste.