Are you managing data sanitization properly? Every time you retire computers, laptops, tablets, smartphones, portable media, printers or other digital devices, a strict protocol for data sanitization needs to be maintained. Data sanitization is the deliberate, permanent and irreversible destruction of data stored on digital devices. It makes that data unrecoverable and maintains your security and regulatory compliance. When devices are not properly sanitized, remnants of your sensitive data, such as intellectual property, PII (Personally Identifiable Information), PHI (Protected Health Information), credit card numbers, financial information, databases, passwords, certificates, etc., remain on them. All of this data is very dangerous in the wrong hands and can lead to data breaches, failures in regulatory compliance and loss of IP/trade secrets. Fundamentally, this can translate into real-world effects on your business reputation and brand, and into tangible financial costs. In most cases, organizations overlook this critical need to properly sanitize devices once they retire them. Let’s explore some of the ineffective sanitization methods that put your organization at risk.
Many methods fail to properly sanitize your IT assets of sensitive data and put your organization at risk, such as deleting data, factory resets, data wiping, data formatting, data purging, etc.
Many organizations assume that simply deleting data, formatting disks or factory resetting devices provides proper security and compliance for their retired devices, but it does not. A recent study by Blancco Technology and Ontrack that analyzed 159 used hard drives purchased on eBay found that 42% of the devices contained sensitive data and 15% contained PII (Personally Identifiable Information). Small companies and corporations often resell or recycle devices directly or through third parties but don’t always ensure that data sanitization is properly accomplished. This failure can lead to data being stolen and compromised, leading to compliance/regulatory failures, fines and real-world financial impacts.
In the United States a variety of regulations such as HIPAA (Health Insurance Portability and Accountability Act), FACTA (The Fair and Accurate Credit Transactions Act of 2003), GLB (Gramm-Leach-Bliley), the Sarbanes-Oxley Act (SOX), the EU GDPR (General Data Protection Regulation) and the Payment Card Industry Data Security Standard (PCI DSS) require proper data sanitization. Only a documented and properly detailed process can mitigate the risk of improper sanitization.
Proper Data Sanitization
Proper data sanitization involves both erasure of the data and physical destruction of the storage devices themselves. Erasure uses data erasure and cryptographic erasure methods that clear data from the device according to a variety of standards, and the erasure software provides a validation certificate that the data was removed from the storage device. Taking this one step further, the storage devices should be shredded or degaussed, rendering it impossible to recover sensitive data. Simply deleting data or formatting a disk will not address the risks brought about by improper data lifecycle management. Are you doing what’s required to maintain the security and compliance of your organization with regard to data sanitization? Evolutionary IT can help address these data sanitization issues and keep you safe and secure.
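As an added illustration that is not part of the original post, the following Python sketch simulates a small block device to show the three outcomes discussed above: a filesystem delete leaves the bytes on the raw media, an overwrite clear followed by a read-back verification removes them, and cryptographic erasure destroys the media key so the ciphertext left behind is useless. It then builds a sanitization record of the kind an erasure certificate documents. The SimulatedDisk and SelfEncryptingDisk classes, the HMAC-based keystream (a toy stand-in for a real drive's cipher) and the constructed sample secret are all assumptions of this example, not any vendor's tooling. One caveat the example makes visible: cryptographic erasure only covers bytes that were written under the key before the key is destroyed, which is why the simulated self-encrypting disk encrypts every write from the start.

```python
"""Added example (not from the original post): why 'delete' fails, and how
overwrite clearing and cryptographic erasure are verified and recorded."""
import hashlib
import hmac
import json
import os
from datetime import datetime, timezone

SECTOR = 512
# Constructed sample of sensitive data; not a real identifier.
SECRET = b"SSN 000-00-0000 (constructed sample)"


class SimulatedDisk:
    """Toy block device: raw media plus a file table mapping names to sectors."""

    def __init__(self, sectors=64):
        self.media = bytearray(sectors * SECTOR)
        self.files = {}          # name -> (first_sector, length_in_bytes)
        self.next_free = 0

    def write_file(self, name, data):
        start = self.next_free * SECTOR
        self.media[start:start + len(data)] = data
        self.files[name] = (self.next_free, len(data))
        self.next_free += -(-len(data) // SECTOR)   # ceiling division

    def delete_file(self, name):
        # An ordinary filesystem delete: only the index entry goes; sectors stay.
        del self.files[name]

    def raw_contains(self, needle):
        # What a forensic scan sees: the raw media, ignoring the file table.
        return self.media.find(needle) != -1


class SelfEncryptingDisk(SimulatedDisk):
    """Toy self-encrypting drive: media only ever holds ciphertext under a media key.
    Keystream is HMAC-SHA256 in counter mode, keyed per 32-byte block offset;
    illustrative only, not a production cipher."""

    def __init__(self, sectors=64):
        super().__init__(sectors)
        self.media_key = os.urandom(32)

    def _keystream(self, offset, length):
        first, last = offset // 32, (offset + length - 1) // 32
        ks = b"".join(hmac.new(self.media_key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(first, last + 1))
        rel = offset - first * 32
        return ks[rel:rel + length]

    def write_file(self, name, data):
        start = self.next_free * SECTOR
        ciphertext = bytes(a ^ b for a, b in zip(data, self._keystream(start, len(data))))
        super().write_file(name, ciphertext)

    def read_file(self, name):
        if self.media_key is None:
            raise PermissionError("media key destroyed: data is unrecoverable")
        first, length = self.files[name]
        start = first * SECTOR
        ciphertext = self.media[start:start + length]
        return bytes(a ^ b for a, b in zip(ciphertext, self._keystream(start, length)))

    def crypto_erase(self):
        # Cryptographic erasure: destroy the key; ciphertext stays on media but is useless.
        self.media_key = None


def clear_by_overwrite(disk, pattern=b"\x00"):
    # Clear: overwrite every sector, then read the whole media back to verify.
    disk.media[:] = pattern * len(disk.media)
    disk.files.clear()
    return bytes(disk.media) == pattern * len(disk.media)


def sanitization_record(device_id, method, verified):
    # The evidence an organization retains; an erasure certificate carries the same facts.
    return {"device_id": device_id, "method": method, "verified": verified,
            "timestamp": datetime.now(timezone.utc).isoformat()}


def delete_leaves_remnants():
    disk = SimulatedDisk()
    disk.write_file("hr.txt", SECRET)
    disk.delete_file("hr.txt")
    return disk.raw_contains(SECRET)          # True: the bytes are still on the media


def overwrite_removes_remnants():
    disk = SimulatedDisk()
    disk.write_file("hr.txt", SECRET)
    return clear_by_overwrite(disk) and not disk.raw_contains(SECRET)


def crypto_erase_removes_access():
    disk = SelfEncryptingDisk()
    disk.write_file("hr.txt", SECRET)
    readable_before = disk.read_file("hr.txt") == SECRET
    plaintext_on_media = disk.raw_contains(SECRET)   # False: media holds ciphertext only
    disk.crypto_erase()
    try:
        disk.read_file("hr.txt")
        readable_after = True
    except PermissionError:
        readable_after = False
    return readable_before and not plaintext_on_media and not readable_after


if __name__ == "__main__":
    print("delete leaves remnants:", delete_leaves_remnants())
    print("overwrite verified clean:", overwrite_removes_remnants())
    print("crypto erase blocks access:", crypto_erase_removes_access())
    print(json.dumps(sanitization_record("EXAMPLE-SN-0001", "clear+verify", True), indent=2))
```

The verification step after the overwrite is the part a real process must keep: the record is only as good as the read-back that produced it, and a device that fails verification goes to physical destruction rather than resale.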
What are some of your data sanitization challenges? Drop us a comment below; we’d love to hear from you. If you found this post helpful, please join our free monthly newsletter for helpful IT insights.