In 2009, the US National Archives and Records Administration (NARA)suffered a data breach that lost 76 million military veterans’ records. NARA had sent a hard drive to a vendor for repair. The drive was deemed irreparable and sent onwards for recycling. This case is a good example of the implications that can come from improper handling of storage media. The legal and financial penalties that follow a data breach can bring down businesses.
With businesses handling a lot of digital data, it is quite easy to overlook the proper handling of obsolete data. While the data is obsolete to the business, it is valuable to malicious actors who may intend on identity theft, blackmail, and other nefarious intentions. Secure data destruction is essential and a legal requirement these days.
There are several reasons why a business should choose professional services like data destruction at SPW;
It is a Legal Requirement
Data destruction guidelines have been implemented in many jurisdictions today. The US has the Fair and Accurate Credit Transactions Act of 2003 (FACTA) and Gramm-Leach-Bliley Act (GLBA). Canada has the Personal Information Protection and Electronic Documents Act (PIPEDA and Europe has the General Data Protection Regulation (GDPR).
Both profit and non-profit organizations must handle private data in a manner that does not jeopardize the owner of the data. The GDPR, for example, requires that organizations handling data of European clients not store the data that is needed. Data destruction services provide certificates that show compliance.
The penalties for mishandling private data can be quite steep. The South Shore hospital was fined $750,000 for losing 800,000 medical records on 473 unencrypted storage tapes. This data included names, social security numbers, financial and diagnostic details. The tapes had been shipped to a third party for disposal without being wiped.
Building Brand Trust
Stories of data breaches have become more prevalent, and people are more aware of the need for private data security. Sensitive industries like finance and healthcare rely on trust to build a brand reputation. Knowing that their data is secure is part of the process of building trust in customers.
Some information savvy customers will demand to know how their data is handled once it is no longer useful. A business develops trust in its clients and partners by demonstrating how it does data destruction.
Destroying data mitigates threats that could be harmful to brand reputation. Studies on businesses that have data breaches show that 72% fold up within 18 months. Professional data destruction is just as prudent as having a financial audit.
Freeing up storage space is a way to improve cost-effectiveness for a business, especially a small one. Many businesses keep obsolete computer equipment as they figure out how to get rid of it. In many instances, a temporary arrangement becomes more permanent, which is an inefficient use of the space.
Data destruction is the first step in the proper disposal of obsolete equipment. A professional data destruction service candestroy data without permanent damage to the equipment. Data erasure solutions like secure overwriting do not physically destroy the storage media. A business can make money off the old equipment. Reselling is more cost-efficient than having it dumped in the local landfill.
Data is useful in different ways to different people. For malicious actors, data can be triaged to form a good picture of how an organization works. This information includes who holds what post, contacts, communication formats, and so on. This data is useful in setting up attacks like phishing attacks or business email compromise attacks.
Private data is also useful for malicious actors for blackmail purposes. Sensitive health records and financial information can be used as leverage. The blackmail can be for monetary purposes, giving up more information, or providing access to the network.
Destroying old data denies malicious actors the entry point they need for reconnaissance purposes. There is no leverage for blackmail either. Physical data destruction methods destroy both the data and the storage media beyond reconstruction. Even advanced forensic tools cannot reconstruct a melted or shredded hard drive.
Access to Better Resources
Professional data destruction can be tedious and costly, especially for a small business. The technical resources to handle data destruction to the required standards. For a big business, stockpiles of hard disks and other obsolete media can take much time to destroy. But even big organizations sometimes lack the technical know-how to do a professional job.
A professional data destruction service can also handle the remains of destroyed media safely. Crushed or shredded hard drives, tapes, and optical drives present a hazardous waste problem. Letting professionals handle it is more efficient than in-house data destruction.
Professional data destruction services have dedicated tools and personnel to do data destruction to a satisfactory level. The Certificate of Destruction offered at the end of verifiable data destruction is proof of compliance to the authorities and potential customers.