Imagine this scenario:
Your business is feeling quite philanthropic lately and decides to donate 50 retired computers to a local charity.
Six months later, you see your company’s name on the front page of the newspaper:
Charity worker finds thousands of records containing sensitive personal information on donated computers. Recovered company data is believed to belong to customers who made purchases at [insert your company’s name here]
You can prevent an episode like this by implementing a data destruction policy.
What is a Data Destruction Policy?
A data destruction policy ensures that retired devices and media have their contents securely removed, destroyed, or overwritten so that it is extremely difficult or impossible to later retrieve data.
A data destruction policy affects:
- Mobile Phones: iPhones, Androids, Blackberries, etc
- Hard drives, flash memory devices,
- CDs, DVDs, Blu-Rays, and other tape storage drives
Why Implement a Data Destruction Policy?
Discarding retired desktop computers and laptops without securely destroying their data means they likely harvest a gold mine of personal information and confidential company data.
Pressing delete and sending files to the recycling bin is simply not good enough. With free, basic software online, anyone can effectively undelete everything sent to the recycling bin.
A data destruction policy minimizes the chances of a data or privacy breach and the liability your organization could face as a result.
Implementing a Data Destruction Policy
In order to implement a data destruction policy, all devices and media that are to be retired from an organization’s use should be securely removed, destroyed, or overwritten.
Mobile Phones: iPhones, Androids, Blackberries, etc
Mobile phones usually do not have a standardized way to securely delete or remove their data. However, most phones will have a “hard reset” or “cold reset” button which will remove software and restore the handheld device to factory default settings.
After resetting the handheld, check to ensure that no company data remains on the phone before discarding.
Hard Drives and Flash Memory Devices
Whenever retiring old desktop computers or laptops, it is important to securely overwrite data on their hard drives and flash memory devices.
CDs, DVDs, Blu-Rays, and other tape storage drives
All optical and tape media should be physically destroyed when they are no longer necessary.
Implementing a data destruction policy is a must for all organizations.
Have you had success implementing a data destruction policy? If so, please share your thoughts in the comments below.