Meeting New DoD Standards for Destroying Unclassified Information

You may be most familiar with the U.S. Department of Defense (DoD) as the government group responsible for managing our country’s military forces.  However, this department also sees to the security of our nation by creating rules pertaining to information security.

Generally speaking, businesses in the private sector are not legally obliged to follow DoD guidelines, since they’re not typically dealing with data that impacts national security, but guidelines related to unclassified information can still benefit companies.  Your South Dakota business can use these guidelines to shape your own data security policies, going the extra mile to protect your customers, employees, vendors, partners, and your company at large.

In March of 2020, the DoD released new guidelines for the “designation, handling and controlling” of controlled unclassified information (CUI), from creation and use, through records management and data destruction.  What do these new rules entail and how can you use them to the benefit of your business?  Here’s the skinny on DoD Instruction 5200.48.

Rules for Safe Handling of CUI

The guidelines spelled out in DoD Instruction 5200.48 Controlled Unclassified Information (CUI) are applicable for government agencies dealing with a range of CUI, but businesses can use them as a way to shape their own policies for handling sensitive data of all kinds, especially when it comes to disposing of data.  What do the new DoD standards entail?

Section 4.5 of the document, entitled “Destruction”, states that documents must be disposed of in a manner that renders them “unreadable, indecipherable, and irrecoverable”, and further goes on to state that any laws, regulations or policies specifying methods of destruction should be followed.  What does this mean for businesses?

As it turns out, the destruction of consumer data is subject to privacy laws, and in some cases, to specific regulations like FACTA, HIPPA, and GLBA, for example, that spell out approved means of disposition.  For data stored on hard copy, proper wiping or shredding of hard drives is required.  For paper copies, you’ll need to shred documents, following rules for the type of equipment used (cross-cut) and even the acceptable size of paper remains.

How to Safely Dispose of Confidential Data

The best way to dispose of any confidential data your company creates or receives is to work with a certified ITAD service provider in compliance with renowned oversight bodies like R2 and eStewards and that complies with data security standards like NIST SP 800-88r1 for hard drive destruction, as well as all special rules and regulations related to industries like finance, healthcare, education, and more.

It can be difficult to keep up with changing technologies and the rules and regulations designed to keep data secure.  As a business owner, you need to partner with an ITAD provider that stays up-to-date with legal compliance on your behalf and offers the shredding and wiping services designed to properly dispose of data in both physical and digital formats.  This is the best way to keep your company and your customers protected from data theft and identity breach.

If your South Dakota business needs assistance with IT asset disposition and document shredding, contact the experts at SEAM today at 605-274-7326 (SEAM) or online to request a quote.