Why Is Data Destruction So Important?
All businesses today depend on data. Everything from financials, to customer contacts, to internal procedures and proprietary information, it all comes in the form of data. When that data is contained in paper records, it's easy to toss it in a shredder and know it's destroyed. When that data is stored on an electronic device or across a network of devices, data destruction gets a bit trickier.
If data wiping or shredding is not done correctly, some data could linger, which may result in a data breach or data leak. Why does this matter? A data breach can have many negative results including noncompliance, brand damage, negative media coverage, loss of customers, loss of revenue, regulatory fines, prosecution, and legal fees.
How to Ensure Data Is Destroyed.
Many people believe that if a file is deleted, it's gone for good, but that's not the case. In fact, the data from your deleted files stays on your computer and is very easy to recover. A recent study conducted by NAID found that 40% of used electronic devices sold on the second hand market contained personally identifiable information (PII) including credit card information, contact information, usernames and passwords, company and personal data, tax details, and more.
Finding a way to properly manage the destruction of electronic data is critical, but often times gets put on the back burner due to lack of time. To avoid this task, many companies just stockpile their old computers and hard drives in a dark, forgotten room in their facility. This is not a secure solution.
When IT equipment is decommissioned, the data should be destroyed and made non-recoverable as soon as possible, whether that is through a certified, verifiable data erasing process or a permanent data destruction solution through shredding. Computer equipment may still hold resale value, so holding on to it too long is only hurting your chance of gaining money back.
Using a certified partner for NIST compliant data erasure or hard drive destruction services is a secure and convenient way to make sure all data is 100% destroyed.
Know Who to Trust: Certificate of Destruction?
A common point of confusion in the data sanitization or hard drive shredding industry is a document called a Certificate of Destruction. Often times, data destruction companies will provide these certificates as a way to prove the quality of their service and ensure data was in fact erased or destroyed. Unfortunately, many times these pieces of paper carry no weight. If a hard drive was found with protected patient information still remaining, the hospital it originated from would be the responsible party, possibly being fined thousands of dollars for violating HIPAA security requirements - even if they had a printed data destruction certificate from a broker or electronics recycling company.
When entering into a data destruction service agreement, it is important to verify what is validating the vendor's resale, recycling and destruction processes to make sure any certificates they provide are indeed official proof of destruction, ensuring complete chain of custody to build an audit trail. Look for industry certifications from e-Stewards or R2, both of which conduct audits and require in-depth security processes and standards.
Without these certifications, companies are putting themselves at great risk.
If your company is looking for a secure solution for hard drive shredding or data wiping in the South Dakota, Nebraska, Iowa or surrounding areas, contact SEAM. Our services keep customers in compliance with regulations including HIPAA, FACTA and Gramm-Leach Bliley. Hard Drive shredding services can be performed onsite at your location or offsite at SEAM's secure Sioux Falls facility. Detailed reporting is provided for all equipment processed for your record keeping.
Don't put your business, your customers, or your community at risk.