The Danish data protection authority has announced that it has itself suffered a personal data breach.
It found that some of its waste paper, containing confidential and sensitive information which should have been shredded, had been disposed of as ordinary paper waste. This paper contained personal information about citizens and employees that was stored electronically in its systems, but had been printed by employees when they needed to discuss a matter internally or proofread a draft letter or note.
This material was subsequently thrown into a container in the belief that this paper waste would be shredded. However, instead, it was taken for ordinary recycling.
The breach had been going on from February to August, (although from mid-March to mid-June all employees worked from home due to COVID-19 pandemic).
Unfortunately, to make matters worse, the breach was discovered by an employee who reported it – but not within the required 72 hours! As a result that employee has been reprimanded.
This personal data breach shows that anyone can make a mistake. It also shows that many people print and dispose of documents without giving adequate consideration to the potential security risk. This data breach could easily have been avoided, but it seems that, for many, hard copies are still easier to ‘digest’.
All organisations should encourage employees not to print documents simply because it is convenient to them to do so.