It is becoming increasingly important to manage and protect customer data with strict security measures at every point of entry, storage or access. Data from consumers is now the world's most valuable resource, often called "the oil of the digital age" so it is only right that more stringent compliance, legislation and best practice processes are implemented to protect consumer and company data. The consequences of failing to do so can be severe.
Over recent years, we’ve seen a steady stream of news stories publicising large-scale data breaches and data leakages from some of the world’s biggest firms. Each case leads to severe consequences for public trust, real concern for the individuals who’ve had their data leaked and often massive financial penalties to those companies responsible. Lessons have been learned and the focus on data protection has strengthened, but companies large and small must have an ongoing duty to uphold security consciousness throughout all operations.
It is imperative to ensure that the collection of data and management of that data is done properly to avoid data breaches and the loss of customer trust that follows. Additionally, your business will benefit from effective customer data management. Critically, correct data management should also provision for the safe destruction of data when it comes to decommissioning and disposing of your redundant IT equipment and devices.
Implications of Improper Disposal
A robust and detailed Data Policy is a necessity for any business that holds or stores employee information, customer information, consumer details, company financials and any other personal identifiable information.
The main element of any data handling policy is to protect critical information from unauthorised access. This is applicable at any stage of the data’s lifecycle, so naturally this also means that considerations must be made for the proper disposal of redundant storage devices and data bearing media, in such a way that the data cannot be read or recovered.
Is it possible to "restore" already disposed data?
If devices are not correctly sanitised or physically destroyed by industry-approved methods, it is possible that your data is still at risk from improper methods of disposal.
Imagine you’ve shredded a document in a shredder. You would feel that you have taken the necessary steps to protect the content. It is possible though; albeit challenging and time consuming, to reassemble the strips of paper and read what the document contained. It is even possible to speed up the process and use software to realign the strips into full, readable documents.
In much the same way, using an off-the-shelf data erasure software that does not meet the correct levels of security standards nor the enhanced methods needed to render data entirely unrecoverable could leave you vulnerable to potential data recovery and misuse.
The consequences of a single error by an employee in the absence of a unified disposal policy can be devastating for the livelihood and reputation of a business. In comparison to the cost of having that data fall into the wrong hands, the effort and marginal investment involved in implementing a secure data destruction program are minimal.
This is why best practices in the UK are to use a specialist organisation to build your Data Policy and a professional secure destruction provider with guarantees of reliable data destruction.
Through the use of industrial shredding/destruction equipment, secure vehicles and secure facilities, professional data destruction companies are capable of systematically destroying all types of data. In addition, they are also able to ensure that the shredded material is transported and correctly disposed of safely.
Avoiding the Risk of Data Breach
Many companies overlook the importance of data disposal when managing data. The act of destroying data is designed to prevent it from being read, from being accessible and to remove any possibility of recovery. Unfortunately, not disposing of data properly sometimes can result in serious consequences including data breach:
The most common breaches occur as a a result of:
Laptops, devices and drives being accidentally misplaced or lost and with poor security protocols in place. Poor or ineffective hardware disposal - laptops, USB’s, CPU’s etc not being correctly destroyed Devices being sold on the second-hand market which have not had the data sufficiently removed
The proper disposal of data is imperative to prevent these things from happening. To securely dispose of information, one needs to understand where and how it is stored, the nature of the storage or device type and how it can be suitably disposed of.
As a reminder when destroying data, here are some other important considerations:
You should draft contracts that require you to destroy all data, including backups, temporary files, and copies, when they are no longer needed for their intended purposes.
Consider whether the device can be reused following data sanitisation and if your company policy will allow this. Alternately, hard drives and other storage media devices such as CDs, DVDs, and Blu-ray discs should ideally be shredded or physically destroyed by crushing or other means.
Data destruction of electronic copies generally involves the use of media sanitization. The simple deletion of data is insufficient, as it still exists on the drives and can still be recovered if not overwritten. Data on electronic media devices are irreversibly destroyed with media sanitization.
Physical destruction of hardware is sometimes necessary. External specialist businesses can often be consulted for this, which can be done on-site as well as off-site. The person in charge of disposing data within the context of the company will need to certify that the data was destroyed.
FGD offer a suite of Cloud-based IT software consultancy and security products, designed to assist your IT team with the increasing challenge of data policies; storing, managing and transferring data. When it comes to disposing of your redundant data-bearing assets and devices, FGD’s ITAD services will provide you with the full auditing and data destruction certification needed.
To find out more, give one our experts a call on 0330 390 753 or visit our website at www.fgd.co.uk