Insolvency practitioners have been warned they could face huge fines for non-deletion and management of data belonging to the insolvent companies they’re appointed on.
According to DSA Connect, an IT asset disposal company, “unscrupulous” IT disposal companies are failing to properly delete data from devices and are potentially leaving clients exposed.
DSA Connect said it is aware of a leading financial institution that recently had to inform clients that an IT asset disposal vendor’s mistakes could have left personal information susceptible to misuse.
Harry Benham, chairman of DSA Connect, said: “IPs are increasingly busy, this increases the risk of personal data being left on electronic devices that are being sold as part of the liquidation of the assets of the companies that they act for. Legislation around how personal data is stored and used in the UK has never been more robust, as GDPR clearly and firmly puts the responsibility on the owner (or their agent) for any personal data held on its electronic devices.
“The risk of IPs falling foul of GDPR is heightened, as the types and volumes of electronic devices which retain data grows. The increased risk of items being sold containing data could potentially expose the IP to breaches in GDPR which could result in fines and/or compensation, together with brand and reputational damage.
“Unfortunately, there are a number of IT disposal companies in the market place claiming to legally and professionally dispose of data on devices, but we have found that the processes some of them use are flawed and that the data they claim to have deleted can be retrieved.”