Improper selection of vendors and ignoring reliable and certified data destruction can turn out to be disastrous, as was in the case of Morgan Stanley Bank, which was fined $60m for the lapse. A statement made by the United States Department of Treasury’s Office of the Controller of the Currency on data breach by US banking giant in 2020 sums up why secure data destruction is crucial:
“Among other things, the Morgan Stanley bank failed to effectively assess or address risks associated with decommissioning its hardware; failed to adequately assess the risk of exercising adequate due diligence in selecting a vendor and monitoring its performance.”
The bank did not properly oversee the contractors it hired to ensure customers’ information had been wiped from the old equipment. Any lapse in personally identifiable information (PII) handling and disposal can be detrimental to the privacy of customers and legal, financial, and reputational loss to a business.
The IDC Data Age 2025 reports that the global data sphere will expand from 33 Zettabytes (ZB) in 2018 to 175 ZB by 2025 at a CAGR of 61%. Growing data would mean increasing concerns for organizations to process and maintain security protocols at all data lifecycle stages.
The protection of passwords and anti-malware and firewall activities is well known in the data security domain. Organizations are taking immense security measures to meet compliance. What gets often overlooked is formulating the proper data destruction policy during IT asset disposition.
What is Data Destruction?
Data destruction is the process of destroying information and physical records like paper documents and the information stored on hard drives, SSDs, optical disks, memory chips, etc. Its purpose is to destroy information such that it cannot be recovered even in a laboratory setting. The process of destruction can be done physically as well as logically. Logical data destruction is also known as data erasure. This is becoming more prominent today as it is more secure, eco-friendly and makes devices reusable for resale in the refurbished market.
Benefits of Secure and Certified Data Destruction
Complete Data Removal
Secure and certified media wiping helps in eradicating the data completely without leaving any traces behind for compromising the sanctity of the data and the device owner. Formatting and deleting generally allow retrieval of data from empty spaces. Secure data erasure would mean that experts and hackers can retrieve no data even in a laboratory setup.
Data at Rest Protection (DARP)
When data is no more usable and serves no purpose, it is known as “data at rest.” This type of data stored on digital devices is prone to malicious attacks. To prevent this data from being accessed, altered or stolen by people with malicious intent, organizations today use measures such as encryption, firewall security, etc. These measures aren’t enough to protect this “data at rest.” Over 70% of breach events come from off-network devices that are at rest. Data destruction is the most secure way to protect such data that is not in use anymore.
Prevent Episodes of Data Breach
Devices that are no longer needed are required to be wiped permanently with a certified data sanitization tool using reliable data erasure standards. Data then remain no more accessible and thus helps prevent any data breach episodes that may result in millions of dollars in penalties.
Helps Meet Compliance with Data Privacy and Protection Laws
Global data protection laws, like GDPR, New York Privacy Law, SOX, HIPAA and Privacy Act 1988, state clear guidelines on the “right to erasure” and the “right to be forgotten.” These laws provide users the right to request the erasure of their personal data, mandating organizations dealing with customers’ data to adopt secure data sanitization practices. Hence, certified media sanitization with complete audit trails has become critical for complying with these global norms.
Eco-Friendly and Sustainable Solution to Resell, Refurbish and Recycle
According to United Nations University, a record 53.6 million tons of e-waste was produced globally in 2019. Secure media sanitization has become the most desirable option for an environment-concerned entity, as it readies old devices for reuse and prevents or lowers the surge of e-waste. More data on the cloud means more data centers with technological advancements. The servers in data centers are constantly upgraded and are decommissioned, too. The loose drives need to be wiped and refurbished accordingly.
Conclusion: Best Methods For Data Destruction
Data wiping is the best way to destruct the data permanently in working devices. In fact, it is a necessity for IT asset disposition companies (ITADs) that deal with bulk refurbished IT assets. Scalable and automated data erasure solutions can help them meet their end customer data sanitization needs to comply with the global data protection and privacy laws and guidelines like R2v3, SOX, GLBA, GDPR and HIPAA. A reliable and certified DIY media wiping tool can help organizations to self-destruct their data at rest.
