It’s important to have a secure disposal plan in place for getting rid of sensitive electronic records.
A lot of organizations don’t.
64% of respondents in a 2009 survey cited in Information Management magazine didn’t have formal procedures for the destruction of electronic records, or didn’t know if or how it was managed.
That not only increases the risk of a security breach, but it’s also against the law.
Privacy laws in North America specify that all sensitive documents be disposed of securely when they’re no longer needed. What exactly does that mean for e-media?
In the United States, regulations like the Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act (FACTA) and the Gramm-Leach-Bliley Act require you to destroy or delete electronic files or media so that information cannot be read or reconstructed. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) regulates how electronic files or media should be handled.
But it’s really not as simple as deleting or erasing information. Powerful forensic software may be able to recover ‘deleted’ or ‘erased’ data. MIT tested this theory and found that 92.4% of sensitive information that had previously been deleted or erased from 158 hard drives was in fact recovered!
How can you be sure sensitive data on old computers is protected and truly destroyed when it’s no longer needed?
Crushing or shredding hard drives and e-media is in fact the most secure method. When e-media is shredded and crushed, all data is 100 percent non-recoverable.