The Sarbanes-Oxley Act and other legislation have made data retention a hot topic. But about the flip side of the coin -- what happens when your data has finally served its purpose?
Over the past few years, data retention has become a critical issue for corporations as they take steps to comply with complicated legislation -- particularly, the Sarbanes-Oxley Act. While companies obsess over the retention requirements and boost their storage capabilities, there seems to be a tendency to ignore the flip side of the coin: data destruction.
What happens when your data has finally served its purpose? Sooner or later, you'll need to clean out those storage devices and free up some space. In previous articles, I've discussed how to erase old hardware and wipe data from Cisco routers and switches before discarding them. But these aren't the only devices on which data resides.
How much data do you think your organisation has lying around in old file cabinets or long-forgotten CDs? When it comes to old media, don't throw it away -- destroy it! By destroying any media that the organisation no longer needs, you deny data thieves access to corporate secrets.
In June, the U.S. Federal Trade Commission enacted legislation called the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA targets consumer information, such as the type that credit agencies and lenders collect -- in hopes of fighting the growing epidemic of identity theft. However, it's a good idea to incorporate the principles of this law throughout your company as a best practice for media destruction.
FACTA requires "disposal practices that are reasonable and appropriate to prevent the unauthorised access to -- or use of -- information in a consumer report." But think about this in broader terms: The end result of all data destruction should be to deny unauthorised access to any information.
Of course, the method of destruction varies depending on the type of media in question. Let's look at some of the most common media types and the destruction method for each.
Paper
When it comes to policy and practice, companies often overlook paper as a form of media. However, it's vital to include this category in your overall data destruction strategy.
Stop throwing away reports and sticky notes, and start destroying them. Take steps to destroy all documents and handwritten notes produced as a part of your business as soon as they are no longer necessary to your business. The most common approach for complying with U.S. HIPAA and FACTA regulations is cross-cut shredding that yields a paper fragment of 1mm by 5mm.
1%
4%
