An organization’s ability to comply with data security legislation has become critical. Any business that collects client data is responsible for complying with the regulations that govern how that data is handled and disposed of.
Major organizations have come under scrutiny for non-compliant data destruction and for inadequate protection of devices bearing sensitive client information. Non-compliance with secure data destruction protocols carries financial and legal consequences, and even more so in highly regulated industries such as financial services, government and healthcare, where mishandling of client data can be devastating.
Traditional methods of data destruction are falling short. It is no longer sufficient to ship data offsite, to discard devices without physically deforming, wiping or degaussing them, or to dispose of media without a tracking mechanism that certifies the data was properly destroyed. Uncertified degausser tools exist, but without an industrial-strength magnet the data on magnetic media is not reliably erased and can still be recovered and misused. Degaussing also has no effect on flash-based media such as SSDs, which must be sanitized by cryptographic erase, a firmware secure-erase command, or physical destruction.
Often, the dangers posed by data-bearing devices are hiding in plain sight. Common risks of data-bearing devices include:
◉ You cannot securely destroy what you do not possess. If you run your business on leased equipment, you cannot validate that the data, or the data-bearing device, has been properly destroyed.
◉ More access is more exposure. Uncontrolled access to drop safes or storage solutions increases the chance of data going missing. A drop safe combination that is shared cannot be attributed to any individual.
◉ Offsite is exposure. As soon as media leaves a data center, the risk of data loss rises sharply.
To control the availability of potentially sensitive data, organizations of every size and industry have to control the disposal of media that might contain it. Such compliance requires deep insight into the dangers posed by data-bearing devices in your environment and an environmentally compliant solution to mitigate those dangers.
Track, contain, destroy, verify
1. Track media with RFID/PID tagging, creating a transparent record of each data-bearing device through its destruction and removal.
2. Contain media in a secure storage appliance or “smart safe” to which only your organization has access.
3. Destroy media using industrial-grade methods that meet the government definition of “destroyed”: media reduced to particles no larger than the size the applicable standard specifies. Check the standard that binds your organization (NIST SP 800-88 is the commonly cited media sanitization guideline in the United States) before selecting equipment.
4. Verify with a two-person process so that errors and missed media are caught.
Automating the data destruction process streamlines it and enforces compliant handling every time. With automation you can electronically track and validate each device from the moment it is placed in a secure storage container to the moment it is destroyed, using the RFID/PID tag to confirm destruction.
Now is the time to evaluate your organization’s data destruction processes and make the adjustments needed to avoid non-compliance. Regulations similar to the European Union GDPR are expected to reach the United States in late 2020 or early 2021. New regulations will require all businesses to safeguard client information and will strengthen the rules for protecting data and for verifying that it is securely destroyed.
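The tracking and two-person verification steps above can be enforced in software. The following is an added illustration, not IBM’s product or any code from the original article: a tamper-evident chain-of-custody ledger in which every event (tagged, contained, destroyed, verified) is hash-chained to the previous one, and a check that reports why a given tag cannot be signed off as destroyed. The tag IDs, actor names and the four-stage vocabulary are hypothetical, chosen only for this example, and the sample events are constructed inline.

```python
"""Tamper-evident chain-of-custody ledger for data-bearing media.

Added illustration only (not IBM's code). Tag IDs, actor names and the
stage vocabulary are hypothetical values chosen for this example.
"""
import hashlib
import json
from dataclasses import dataclass, field

# Lifecycle stages in the order the article lists them.
STAGES = ("tagged", "contained", "destroyed", "verified")
GENESIS = "0" * 64  # prev_hash of the first ledger entry


@dataclass
class Event:
    tag_id: str      # RFID/PID tag identifier (constructed value)
    stage: str       # one of STAGES
    actor: str       # person or system that recorded the event
    prev_hash: str   # digest of the previous ledger entry
    digest: str = field(default="")

    def compute(self) -> str:
        # Canonical JSON so the digest is independent of field order.
        body = json.dumps(
            {"tag_id": self.tag_id, "stage": self.stage,
             "actor": self.actor, "prev_hash": self.prev_hash},
            sort_keys=True).encode()
        return hashlib.sha256(body).hexdigest()


class CustodyLedger:
    def __init__(self):
        self.events = []

    def record(self, tag_id: str, stage: str, actor: str) -> str:
        """Append an event chained to the previous entry; return its digest."""
        if stage not in STAGES:
            raise ValueError(f"unknown stage {stage!r}")
        prev = self.events[-1].digest if self.events else GENESIS
        ev = Event(tag_id, stage, actor, prev)
        ev.digest = ev.compute()
        self.events.append(ev)
        return ev.digest

    def verify_chain(self) -> bool:
        """True if no entry has been altered, removed or reordered."""
        prev = GENESIS
        for ev in self.events:
            if ev.prev_hash != prev or ev.compute() != ev.digest:
                return False
            prev = ev.digest
        return True

    def lifecycle_issues(self, tag_id: str) -> list:
        """Reasons the tag cannot be certified destroyed (empty list = OK)."""
        issues = []
        evs = [e for e in self.events if e.tag_id == tag_id]
        stages = [e.stage for e in evs]
        for s in STAGES:
            if s not in stages:
                issues.append(f"missing stage: {s}")
        # Stages must appear in lifecycle order (no destroy before contain).
        order = [STAGES.index(s) for s in stages]
        if order != sorted(order):
            issues.append("stages out of order")
        # Two-person rule: two distinct verifiers, neither of whom
        # is the actor that recorded the destruction itself.
        verifiers = {e.actor for e in evs if e.stage == "verified"}
        destroyers = {e.actor for e in evs if e.stage == "destroyed"}
        if len(verifiers) < 2:
            issues.append("fewer than two verifiers")
        if verifiers & destroyers:
            issues.append("verifier also recorded destruction")
        return issues


def demo() -> CustodyLedger:
    """Constructed sample: one compliant tag and one with gaps."""
    ledger = CustodyLedger()
    ledger.record("TAG-0001", "tagged", "intake-scanner")
    ledger.record("TAG-0001", "contained", "smart-safe-A")
    ledger.record("TAG-0001", "destroyed", "shredder-1")
    ledger.record("TAG-0001", "verified", "alice")
    ledger.record("TAG-0001", "verified", "bob")
    ledger.record("TAG-0002", "tagged", "intake-scanner")
    ledger.record("TAG-0002", "destroyed", "shredder-1")  # never contained
    ledger.record("TAG-0002", "verified", "alice")        # only one verifier
    return ledger


if __name__ == "__main__":
    led = demo()
    print("chain intact:", led.verify_chain())
    for tag in ("TAG-0001", "TAG-0002"):
        print(tag, led.lifecycle_issues(tag) or "OK")
```

The hash chain makes silent edits to the record detectable by anyone holding the latest digest; in a real deployment that digest would be published or countersigned outside the system that writes the ledger, so the operator of the destruction process cannot rewrite history.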
Source: ibm.com