Our world is becoming increasingly data-driven, and as a result, vast amounts of data are being gathered every day. This data can often include personal and/or sensitive information regarding consumers and clients. In an effort to protect the privacy of internet users, governments around the world are introducing regulations and laws intended to protect privacy.
These laws envisage crippling fines for companies that do not abide by them. It is all too often thought that the responsibility for data safety and security only relates to data that is being actively used; however, inactive data sets are also protected under law. This gives rise to an important question: how can companies responsibly destroy data when they no longer need it?
Why is data destruction important?
Data destruction refers to the complete destroying of existing data. It is important to differentiate between simply deleting data and destroying data. It is vital that companies implement a reliable and proven data destruction policy so that data that is no longer required is destroyed fully and thus rendered useless.
Data and privacy protection legislation like the European GDPR holds data users (companies and/or individuals) responsible for the safe use and storage of the data that they have. This extends to both active and dormant data sets. The legislation also requires that data must be disposed of in such a way that it is irretrievable, and companies must be able to prove that they have done everything reasonably possible to destroy data fully in order to discharge their responsibilities under the law. Noncompliance with these regulations can result in the issuing of crippling fines that can force a company out of business. In addition to this, companies also face a big reputational risk should a data breach occur.
Is deleting data enough?
No, simply deleting data from hard drives and other storage mediums does not constitute data destruction. Although it may seem like deleted data has been destroyed, it is, in fact, still possible to retrieve deleted data from hard drives. Should a hacker gain access to old hard drives and manage to restore deleted data, the company could still be held liable for not destroying the data properly.
How can data be deleted securely?
Since storage mediums like hard drives are expensive, companies may wish to recycle drives and use them to store new data. In this case, it is important to make sure that the data is deleted from the drives by using specialized software that can completely destroy the data by overwriting the data with meaningless ones and zeros. By following this procedure, a company would be in the clear when it comes to laws like the GDPR, and as added insurance, a certificate that proves that the data destruction procedure has been carried out successfully can be issued by professional data destruction companies.
Key elements of a good data destruction policy?
While it is clear that a good data destruction policy is important, what exactly constitutes a good data destruction policy might not be so clear. Some of the key parts of a good data destruction policy are:
Tracing: Tracing allows data managers to keep track of exactly where storage mediums and the data they contain are. This is essential because it makes it possible to verify that all hard drives and/or other storage mediums are accounted for. Tracing is also useful in situations where storage mediums leave the direct control of a company, for example, when they are sent for destruction or data erasure. By having a log with serial numbers, data controllers can verify that all the storage mediums have been returned.
Access control: Access control is important in every aspect of data management, but it is especially important when it comes to data destruction. It is not unheard of for physical drives to be swapped out or stolen during transport, and therefore it is important to make sure that drives are always stored safely and securely.
Data destruction is an often-overlooked part of a company, but it is vital for those who wish to minimize the risk of data breaches. Implementing a good data destruction policy today can save you a lot of trouble further down the line and avoid potential financial implications.
Milica Vojnic is a Senior Digital Marketing Executive at Wisetek.