When it comes to the management of data, especially the physical management of confidential data which is obsolete, ensuring that you have a risk-free, compliant and secure method for its management and disposal is fundamental. Organisations that fail to appropriately address data management and data disposal run the risk of data breaches, regulatory violation and noncompliance – all of which are damaging to brand reputation.
There are of course, numerous data erasure and data destruction methods an organisation can employ. Some data destruction methods are more secure than others, but in an industry where data recovery from destroyed devices is completely possible, opting for the most comprehensive data destruction method of complete data erasure would be most prudent.
While data destruction and IT asset disposal are heavily regulated and compliance minefields, whoever deals with the overall data destruction process is ultimately accountable.
To help convey the risks associated with data disposal and erasure, we’ve evaluated three data destruction methods from those with the highest risk to the most secure and effective.
High risk: Third Party Erasure / Destruction – Off-site
Presenting the most risk to organisations is third party erasure and/or destruction off-site. Before enlisting the help of a third party you must:
Ascertain their credibility:
There’s always the possibility that the third party may be fraudulent or not qualified to manage the data erasure process. Take the necessary steps to find out whether or not the provider is indeed legitimate and can actually carry out your data destruction requirements.
Determine what software they use for erasure:
The software they use will ultimately define how comprehensive the data erasure / destruction process is. If they are not using regulatory compliant software, there’s the possibility that some data may still remain, or be recoverable.
Find out how quickly the data will be destroyed:
Data should be erased and/or destroyed promptly. Delays could be an opportunity for individuals to make copies of the data prior it being destroyed or indeed theft or loss of the data bearing media. Whenever confidential data exits a site to be destroyed, there is always an element of risk.
You could mitigate risks and streamline the process by degaussing prior to uplift, but this would add additional costs and has an element of risk as well.
Alternatively, you could do the data erasure on-site.
Medium risk: Third Party Erasure / Destruction – On Site
Presenting a medium level of risk is third party erasure and/or destruction on-site. While on-site data erasure and destruction comes with the added benefit of witnessing the destruction (ideally), it still has the complications associated with high risk data destruction.
In addition, if you, or anyone in your organisation cannot personally attest to seeing the destruction and erasure of the data, how do you ensure that it’s been completely eradicated? While on-site data removal is slightly more effective than releasing data off-site, it still isn’t the comprehensive, compliant solution your organisation needs.
Low risk: DataRaze – Outright winner
A low risk data disposal and erasure solution is built around your requirements. Rather than outsourcing the activity to a third party which may not be trustworthy or reliable, you utilise your own staff. The low risk solution is DataRaze, not only are you able to witness the destruction and erasure yourself, you are also provided with a photographic record and a video record of it taking place, ensuring there is a complete audit trail for compliance.