Safe Information Disposal

Safe Information DisposalYou would think that all important company information must be in databases, given how many of them are in the world.  CRM systems, ERP, finance applications, HR systems and millions of websites all use databases to store their data.  Yet the largest majority of important information is still inside documents.

A lot of companies use content management systems (CMS) to store these documents and get some control over them.  Many of us store them locally or in our email.  Sometimes they’re in the cloud.  Sometimes we’re not sure of where they are or even what’s in them.  Because of this, it’s difficult to get a handle on all this information.  That can be a scary prospect for anyone.

As organizations think about security and regulatory compliance, one of the areas of concern is data disposal.  How long do you need to keep this information around?  There is a lot of duplicate data sitting in emails and file folders.  Disk space may be cheap, but with thousands of documents created everyday in a business, things pile up quickly.  I just did a search on my hard drive and found out I created or edited 50 documents this week.  That’s a lot of documents.

At some point I will need a bigger hard drive to store more documents.  Sometimes a business buys additional storage or sometimes they replace old drives with new ones. 

What happens to the data on those hard drives?  It all depends on the policies of your organization.  Some destroy the hard drives so no one can use them.  This is common in military or government organizations, although a lot of companies do this.  Some format the hard drive or use file deletion software.  As any savvy computer person knows, just deleting a file doesn’t actually get rid of it. You need to overwrite the document with new data.  If the systems were leased, they may return them to the leasing company.  The leasing company may or may not wipe them before selling them or returning them to the manufacturer. 

If your documents are encrypted with a persistent security policy, you are safe no matter what process your company uses.  If someone could pull the document from your hard drive, they couldn’t read it.  Even if they opened it in a hex editor, it would look like a bunch of random characters.

There is a lot of important information on hard drives that may not be properly erased before disposing of the drive.  If it’s important, think about securing it before you need to upgrade.  It might be fun to put your old drive in an industrial shedder, but more often than not, it just goes into a drawer or back to a leasing company.  Encrypt the contents and you don’t need to worry about something slipping through the cracks.

Leave a Reply