If your business deals in any way with sensitive information, be it customer credit card data, medical records, or any other type of private information, then you need to ensure your data is being destroyed in accordance with NIST data erasure guidelines or you may be unnecessarily increasing your company’s liability risk. Due to the complex and time-consuming nature of thorough data erasure and the risks involved with doing it incorrectly, many businesses choose to outsource this task to experienced data destruction vendors.
If you’re unsure of whether or not partnering with a data destruction vendor is right for your business, use our five-point data erasure checklist to see if your company has the resources necessary to do the job right. If you fail to meet just one of the following five points, then you could be risking your corporate liability.
#1 – Risk Assessment
The first thing you need to consider is the type of data your business records. Is it highly sensitive data? Would others find the information valuable? What risks does your business or your customers face should the information fall into the wrong hands? Knowing these answers will help you determine the type of data destruction your business needs.
#2 – Compliance
If your business operates in an industry that is regulated by certain standards or protocols, such as HIPAA/HITECH, FACTA, SOX, GLB, or FERPA, then odds are you are going to have to demonstrate your data protection measures to auditors. When dealing with data erasure compliance, a detailed and auditable report should include a list of all the assets processed including make, model, and serial number, the date of disposition, and the data erasure method used.
#3 – Quality Assurance
Before you attempt to sanitize the data yourself, you need to make sure that your company has the processes and technology needed to perform a comprehensive sanitization. Do you have a way to verify that the drives have been wiped? Even if you want to do the sanitization in-house, you should still have a data destruction vendor perform a quality check and audit of the process to ensure it was performed in accordance with standards.
#4 – Resources
Data erasure takes a lot of time, space, and personnel to perform. A company also needs to have quality assurance and oversight protection measures in place. Does your business have the resources available to manage the scope of such a task, especially when a simple mistake could dramatically increase your corporate risk?
#5 – Value
Does your business really need to incur the cost of data erasure? The answer is usually determined by the business’s overall objectives. For instance, if the equipment is to be reused or sold on the secondary market, then data sanitization is certainly worth the cost because it completely eliminates the data in accordance with NIST mandates while keeping the hard drives fully functional and safe for reuse. On the other hand, if the equipment no longer works or it has no residual market value, then shredding the hard drives may be a suitable means of destroying the data. Of course, if the data is highly sensitive, then a company can opt for data erasure followed by disk shredding as a complete data destruction solution for equipment being disposed of.
Ultimately, choosing a reputable data destruction firm, like Liquid Technology, is your best defense against corporate liability risks associated with data sanitization. We are ISO-14001 certified, a member of NAID, and an e-Stewards enterprise, and our disk sanitization methods fully adhere to all NIST data destruction mandates. If you are interested in reliable data destruction from a leader in the field, call us today at 800-797-5478.