Data Destruction Best Practices
January 19, 2016
Posted by inConfidence

Today’s data is often stores in hard drives, whether in a form of a portable USB or the ones that are stored within the hard drives.  Gone were the days of stockpiling data in papers that consume too much space and logistics requirement.   However, data storage has its own limitation.  Sometimes, you have to discard hard drives to make way for new data or new files. Data destruction therefore is imperative.

Corporate data is a vital component in a company’s survival.  It contains information that pertains to its earnings, operation, administration, and logistics.  These types of information must be handled carefully and with the highest sense of confidentiality. Corporate espionage and misrepresentation of the company name are just some of the things companies must always be in the look out for.

Data destruction nowadays is often lackadaisically handled by poorly trained employees.  Soft copy of the records that are said to be in the archive are disposed of in the trash bins, thrown away in water ways (which is worse because it ends up as a pollutant), or crushed in the hope of destroying the data inside, other than physically disposing the storage device.

According to a lecture by Ben Rothke, data destruction is an important part of securing your data systems.  He called it ”Sanitiziation.”  He implied that it must be an inherent part of a company’s policy to create its own sanitization process as a part of the corporate data’s life cycle. In his lecture, he described some of the ways in which vital information may leak to other competitors or just plainly be brought into public viewing, which is obviously a risk to company prestige and security.

There’s a plethora of chances data can be maliciously hacked from a hard drive.  A simple visit to the repair shop or a mere warranty service can spell disaster to corporate files if not sanitized properly.

Misinformation about data sanitazation is perilous to a company’s security.  Mere deletion of files or emptying trash bins simply won’t do.  It is not a common knowledge that a software exists that can recover data in a hard disk even if “technically” the files were all deleted.  Professional photographers use this software to recover past photo shots that were deleted from their SDs.  Deleting data from a computer and transferring it to a recycle bin, or even “emptying the recycle bin” merely hides the data away from sight and usage. Be aware that once data is stored in a device, it is written there forever unless proper sanitization is accomplished.

Proper data sanitization involves three process: clearing, purging, and destroying (Ben Rothke).  Over writing a data is an example of clearing.  Purging on the other hand is protecting your data from technically trained personnel which intends to malign your office by copying your data.  Destroying involves physical disintegration of the storage device to the point where data is unrecoverable.  It is important to note that data storage devices can be resilient.  There had been a lot of instances when storage devices were burned, crushed, or soaked in water or some chemical substance and yet almost all of the stored data was recovered.

Physical destruction methods can always be done and is almost always the cheapest way.  If your company cannot handle the complex process of data sanitization such as

purging, degaussing, or hardware based-disk sanitizations; you can always outsource from other technically able and competent companies.  Should you choose in-house sanitization, it has its own advantages and disadvantages (Ibid).

Advantages:

1. Security –  because data never leaves your office

2. Data is destroyed by your own trusted employees

3. Full control of what to delete and what not to.

Disadvantages:

1.  Expensive

2.  Staff with overlapping duties may miss some process or worse, may misplace device

3.  Disposal of residual material (usually pollutants) is your responsibility

4.  Will eat up space in your office or building

5.  Requires good Quality Control to be efficient.

Outsourcing data sanitization likewise has advantages and disadvantages.  It may entail cheaper prices and less hassle to the company, but the glaring risk of corporate espionage and sabotage is much greater.  Once data is compromised, the company looses almost everything. The safety of data storage devices and their security from compromise is priceless.

GO BACK TO BLOG