Data destruction is the process where data stored in various forms electronic media such as hard disks is destroyed to ensure that it is completely unreadable and cannot be accessed or used for unauthorized/illegal purposes by any means. Most modern-day companies opt to use digital storage instead of traditional storage methods which use huge amounts of paper and storage space. With the advancement of technology, the investment needed for getting more digital storage space is going down attracting more individuals and companies. But with time, companies face the need to dispose of old, unnecessary data thus creating the necessity for effective data destruction policies.
Why is it necessary?
An effective data destruction policy will prevent serious breaches in protected data and privacy policies. Also, legal destruction of data can be advantageous during a judicial case since it will prevent the opponents from digging up certain information necessary for building up their case.
How to create an effective policy?
Basically, data destruction can be done using 3 methods as follows. Various companies select one or more methods according to their requirements.
- Overwriting – Here new data is used to replace the old data
- Degaussing – The magnetic field of the storage media is reduced or removed using a special device known as degausser.
- Physical destruction – Destroying the data disks by melting or shredding
One can select a destruction method/s accordingly after properly categorizing the data. Having a proper data retention policy can be advantageous as it gives predetermined storage places for different categories of data.
Before designing the policy, one should note that there are various laws and regulations which have to be taken into consideration depending on the type of the business. For example, he Fair and Accurate Credit Transactions Act, HIPAA etc can be used as guidance for heavily regulated industries while other can look out for international standards such as the “Guidelines for Media Sanitization” by National Institute of Standards and Technology, USA.
After the policy is designed, it should be properly documented as it will ensure proper transparency whenever necessary.
An effective policy should be consistently adhered to by everyone. For this, properly educating the people involved is a must.
The effectiveness can only be determined after implementation of the policy. Therefore in order to test the effectiveness, it should be tested regularly after the implementation.