Data destruction: where does your data go when you hit delete?
When you work with a cloud service provider (CSP), you put a lot of trust in them to handle your data appropriately. But do you ever think about what happens to your data on your CSP's infrastructure when it is replaced or becomes obsolete? You can't afford for sensitive details to get into the wrong hands, and so disks must be securely wiped, shredded and destroyed.
Secure data destruction is important for reducing your risk of a security breach (and the potential financial losses that follow), and if you need to comply with any governance standards for privacy or data protection, your destruction processes can be a necessity. The UK Information Commissioner's Office (ICO) released figures this year stating that over £4m was paid out in fines by organisations in 2013 due to data breaches, most of them occurring in sectors that handle highly sensitive data, like healthcare.
We would recommend including questions about data destruction in your due diligence process when taking on any new cloud services or suppliers.
There are a few options available to organisations when it comes to data destruction: you can securely format and overwrite a disk, you can degauss it, or you can physically destroy it. We use a combination of methods. Formatting disks and overwriting them with new data makes the old data irretrievable. In addition, once disks become unusable, either from a failure or from simply reaching their end of life, we arrange for complete physical destruction.
Last week for instance, we had 150 drives collected from Databarracks to be securely destroyed.
If you do choose to use a third party for physical destruction, it is vital to work with a suitable supplier. Earlier this year, NHS Surrey was issued with a fine because the supplier they used did not destroy the data as agreed, and patient data was found on computers later sold on eBay.
As our customers know, security is our top priority. Our data shredders, Data Eliminate, are MOD and CESG approved and are certified to ISO 27001 for Information Security, ISO 9001 for Quality Management and ISO 14001 for Environmental Management.