This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies By closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Home » Clear, Purge & Destroy: When Data Must be Eliminated
Even at their most basic, information security programs are complex and include a seemingly endless combination of controls to detect, prevent and respond to data loss. The overlay of privacy mandates – some imposed by law, others by contract or internal data retention policies – further complicates the role of information security personnel. An organization’s sensitive data, for example, must be protected against all enemies. That is until it is no longer needed or no longer lawful to retain. Then, that very same data must be eliminated effectively.
Although most companies are mindful of the need to sanitize data when repurposing or disposing of technology (a situation familiar to all technology refresh programs), many fail to recognize where all of their sensitive data resides. Consider for example that the Federal Trade Commission (FTC) felt the need to release guidance in 2017 solely dedicated to digital copier data security. As the FTC pointed out, “Digital copiers often are leased, returned and then leased again or sold. It’s important to know how to secure data that may be retained on a digital copier hard drive, and what to do with a hard drive when you return a leased copier or dispose of one you own.” Now consider how the FTC’s caution about copiers might apply to entirely outsourced infrastructures where sensitive data routinely rests on leased and often re-assigned third-party systems.