3 Principles of Personal Information Retention and Disposal

Mar 23, 2023

If your business requires you to retain your customers’ personal information, you have legal obligations to meet. One of the most crucial is ensuring that your customers’ personal information is disposed of safely and responsibly.

To help make sure you don’t run afoul of any regulatory entities, here are some key principles of personal information retention and disposal.

1. The Devices Storing the Information Are as Important as the Information Itself

Mishandling sensitive customer information, whether the information itself or a device it is stored on, can result in hefty fines and reputational damage.

For example, Morgan Stanley was recently fined $35 million by the Securities and Exchange Commission (SEC) for improper removal of digital storage devices containing sensitive personal information. The underlying lesson here is that using the right storage devices is vital for keeping customer information safe.

By overlooking the importance of properly managing their storage devices, many companies put their customers’ information in peril and open themselves up to fines, litigation, and irredeemable harm to their perceived trustworthiness.

No matter what industry you work in, hardware containing sensitive information must be properly wiped before it’s reused or disposed of. If the information isn’t removed completely, it could be vulnerable to unauthorized access.

Unfortunately, many business owners don’t understand this and end up tossing or reusing hard drives with sensitive information and risking the safety of their customers in the process.

2. Oversight Is Essential

Many organizations leave their data disposal to their IT department. This can be problematic if your IT department decides to contract with a third party or attempts to handle data destruction on its own. Establishing proper oversight is essential to keeping your customers — and your company — out of trouble.

Rather than leaving the task to a particular department and washing your hands of it, make sure your management team is versed in every aspect of the operation so they can personally approve suppliers, disposal methods, and other pivotal decisions.

3. Always Choose the Right Third-Party Contractor

When selecting a third-party contractor, it’s important to select someone with a solid reputation. Industry certifications like NAID AAA, R2 and e-Stewards are a trustworthy way to confirm a vendor has a comprehensive risk management system alongside responsible and secure processes, procedures and standards.

Remember, even if you hire a third-party contractor to dispose of your customers’ personal information, your business is ultimately responsible if any of that information is compromised. So be sure to put in some time and effort researching the companies you’re considering working with.

Need Help with Your Data Disposal?

If you need help with data disposal in the Midwest, reach out to SEAM today. We specialize in data destruction, onsite shredding, electronics recycling and remarketing. Our service areas extend across North Dakota and South Dakota.

In addition to providing top-tier, reliable service, our team of experts is trained and knowledgeable in the art of safe and compliant data disposal. Contact us today for more information.
