DiskShred warns of rising PCI-DSS data destruction issues for UK corporates

“Under the PCI DSS rules, if you do not comply with the required standard, you may lose your ability to accept credit and debit cards from your customers – which is arguably far worse than a hefty fine from the ICO” — Philip McMichael, Operations Director, DiskShred


Disk Shredded Data Fully Destroyed


Leading data storage destruction specialist DiskShred (www.diskshred.eu) has warned UK companies that process credit card transactions – which account for almost all SMEs and larger businesses – of plans to dramatically ramp up the security requirements under Version 3 of the PCI DSS rules due later this year.


Developed by the card payments industry in close consultation with the Payment Card Industry (PCI) council, the PCI Data Security Standard (PCI DSS) consists of 12 significant requirements including multiple sub-requirements, which contain numerous directives.


These directives – which apply to most organisations that process payment card transactions – allow businesses to measure their own payment card security policies, procedures and guidelines.


Most experts agree that revision 3 of the PCI DSS rules will see the scope of the rules’ external audit requirements extended to cover many more companies, as well as impose harsher requirements on all companies that accept credit and debit cards from their customers.


According to Philip McMichael, Operations Director with DiskShred, this will impose a far more stringent set of security requirements when companies dispose of their data, especially where the IT equipment has reached an end-of-life situation.


“We’ve all heard the horror stories of customer data appearing on the hard drives of computers sold on auction Web sites – resulting in fines from the Information Commissioner’s Office (ICO) under the Data Protection Act. Under the PCI DSS rules, if you do not comply with the required standard, you may lose your ability to accept credit and debit cards from your customers – which is arguably far worse than a hefty fine from the ICO,” he said.


“Thankfully we can offer an on-site service that provides a hard drive and data storage device destruction facility that conforms to all necessary governance standards – shredding the data storage down to confetti-sized pieces – and providing a complete compliance audit trail, thanks to on-truck CCTV facilities and staff who are CRB checked on their backgrounds,” he added.


McMichael, whose firm has been in the IT asset disposal business since 2001, went on to say that DiskShred has the necessary EU accreditations to do what it does – and a few more besides – which is why almost three quarters of its business comes from repeat or client referrals.


And with other legislation, including the aforementioned Data Protection Act and the Companies Act, imposing increasing levels of data security duty of care on company directors and their senior staff, there is also the spectre of the Government introducing custodial sentences for individuals who breach data protection laws to contend with.


And this, says DiskShred’s Operations Director, is where his firm’s fully auditable on-site data storage device destruction service can provide a hassle-free way of avoiding corporate angst over breaking the law or required governance standards. It’s also why on-site destruction is essential: “A company needs to be sure its hard drives definitely made it into the shredder without any ‘en-route diversions’ into the wrong hands,” McMichael said.


“Our observations suggest that no matter how effective the data security and destruction rules within an organisation, the human element will always mean that rules can be deviated from – and corners will be cut. People get tired, become bored and even turn to crime depending on the circumstances,” he said.


“This is why we believe that on-site media shredding – to verifiable minimum standards, backed up with criminal background checks on the staff completing the process and CCTV footage to act as the ultimate audit proof,” he added.


“Our approach is the only sure-fire way to prove to regulators, the Police and clients, that the data held on your storage devices is gone forever. So whether you have 50 or 5000 disks to destroy, we can move our trucks on to your site and shred your hardware in front of your eyes.”

Spreadsheets can seriously damage your wealth!

The humble spreadsheet is responsible for more bad business decisions than humans. Spreadsheets regularly wipe off 15% to 20% of companies’ share value. And sometimes wipe out smaller companies completely. EASA today announces a simple, effective solution.

Oxford, UK, 5 July 2010 – Horror stories in the press about companies having $billions wiped off their share value due to mis-reported financial results are becoming a lot more common.

In many of these cases it turns out that somewhere in the production of these figures a faulty spreadsheet is the culprit.

In fact, research independently published by KPMG, Butler, Coopers & Lybrand and others has reported between 86% and 100% of financial spreadsheets analysed as having MAJOR ERRORS that could seriously affect management decisions based on the results of the complex spreadsheets.

So, although it is only the massive, share-value-affecting blunders that make the headlines, every company using even mildly complex spreadsheets could be at an alarming 86-plus percent risk of major errors.

One recent case involved the C&C Group – the firm that owns Magners cider – which saw its share price nosedive by 15 per cent after admitting company revenues had not risen by 5 per cent, but had actually fallen by 3 per cent – the reason? Spreadsheet errors.

And prior to this headline-hitting share price fiasco, the UK’s Financial Services Authority ended up fining Credit Suisse a whacking £5.6 million after FSA officials discovered the bank’s business was less than transparent – the reason? Large spreadsheets with multiple entries, creating a recipe for errors.

Spreadsheets are the favourite tool of managers worldwide, but time and time again, companies in all market sectors are discovering the poisoned chalice that spreadsheets represent.

Now a UK-based company – EASA Software – has come up with a revolutionary solution that finally makes it safe to rely on spreadsheets.

The technology behind EASA was born out of the nuclear industry, to counter the possibility of spreadsheet errors which could have had unthinkable consequences.

According to Mel Glass, EASA’s director of business development, every day sees millions of business decisions being taken based on spreadsheets containing errors.

“This can lead to expensive assets being purchased – or major expenditures sanctioned – which in truth the company’s cash flow cannot afford. At best this leads to reduced profits. At worst it leads to massive negative cashflow and companies – particularly smaller ones – going under,” he said.

But, says Glass, after years of trying, companies and even Business Intelligence Software vendors have finally admitted that they cannot eradicate the spreadsheet.

“People love their spreadsheets. Companies in all sectors have tried to ban or replace them with Business Intelligence systems and all that happens is that employees end up taking the spreadsheet home and using it on their home computer – making the problem worse, not better,” he explained.

And this is where EASA’s solution is in a class of its own. It does not take the spreadsheets away from users – it simply takes away the opportunity for introducing errors. Making spreadsheets safe, reliable and auditable.

“What EASA does is to define a master version of the spreadsheet and hold it centrally, making it available to users via a browser, and not as an attachment to an email or a download from a server,” said Glass.

Accidental and deliberate changes to spreadsheets, he explained, can cost companies a huge amount of money, as in the example of the National Australia Bank, which wrote down the value of its US mortgage business by A$3 billion, dragging the bank’s market value down by an astonishing 13 per cent – A$6.5 billion – in the process.

According to Glass, errors in spreadsheets have resulted in the crippling of small and medium size companies, as well as sending larger company stock values soaring and dipping. And this is before we start talking about the severe corporate embarrassment that has been taking place on a significant scale over the years.

Jail time

But, says EASA’s director, corporate governance rules mean that the penalties due to spreadsheet incompetence are set to take on a whole new dimension, as chairmen and chairwomen, CEOs, COOs, CFOs and financial directors are increasingly being held personally responsible for errors.

The bottom line, he says, is that every senior manager in a major corporation in the US could potentially be threatened with jail time as a result of a relatively simple spreadsheet error.

And with European regulatory rules also being strengthened along the lines of the Sarbanes-Oxley Act in the US – Solvency II being a good example – European business chiefs may soon be in a similar situation.

“Quite simply, these types of errors shouldn’t be allowed to happen as we enter a new decade and with EASA software installed, it won’t happen.

“Using our protective software means that users access the spreadsheet via a special interface that not only reduces data errors, but also prevents accidental – or intentional – changes to the underlying calculations and structure. We call it Web-Enabled Spreadsheets and it works – period,” Glass said.

“Don’t take my word for it, however. You only have to look at EASA Software’s growing list of blue chip customers such as Zurich, General Electric, Procter & Gamble, Hewlett-Packard that use our software to deploy business-critical spreadsheets, safe in the knowledge that every user is accessing the same approved version. This prevents any spreadsheet snafus from wreaking havoc on a major – or even a minor – scale, within their organisations,” he added.

For more on spreadsheet horror stories: http://bit.ly/MVDF9

For a video on how the EASA System works: http://bit.ly/a0Dimh

For the EASA Software web site: www.easasoftware.com


About Turtle Consulting Group

Turtle Consulting Group is a PR Company that specialises in Tech PR.