Data disposal is the responsible disposal of electronic devices and other assets containing valuable company property information. This could be due to business closures, expansions, or disposal of old equipment. If done correctly, sensitive information will not be exposed or at risk of being stolen. Done wrong, your business could face huge fines and damage your reputation.
How much are these fines? In 2016, Morgan Stanley did not maintain updated data on the teams involved in the data center decommissioning. The company did not consider the possibility of a data breach at the time of termination and hired outside contractors as part of the termination project. In 2019, similar errors occurred when devices were migrated to another data center.
In the year after the 2016 crash, the Office of the Financial Conduct Authority (OCC) ordered Morgan Stanley to inform its clients. In the second shortage, the company voluntarily notified affected customers. A class action lawsuit has been filed. The OCC fined Morgan Stanley $60 million. Morgan Stanley made no mistakes, but there was a penalty kick. The company was fined $5 million by the Securities and Exchange Commission and $5 million by the CFTC for other violations.
Unfortunately, this is just one example of a company. There are countless other examples, some well known and some under the radar.
Procedures involved in data deletion
The download of information begins before the day you decide to move into a house or buy a new computer. This is something your company should consider when purchasing electronic and storage equipment for your business.
#1 - How long does the device last?
Companies need time to determine the useful life of their hardware and storage devices. Your old laptop may be fine, but if the operating system doesn't receive firmware updates, that device is vulnerable to security breaches and other threats. How do you know how long an item will last? Check the warranty. You should also consider the amount of data this device contains. A hard drive that processes a large amount of data for a full-time employee may not last as long as a part-time employee.
#2 - Have a plan in mind
Before you go looking for them, consider what you'll do with your electronics and storage when it's time to get rid of them. This plan should take into account your budget, the regulations that apply to your business, and the people you want to involve in the final process. As new laws are added and may change at the state or local level, those involved in the process must stay abreast of the latest laws and requirements. Hire experts to analyze the data when the time is right.
#3 - Take preventive measures
Before you start disabling, make sure to make backups. Test your backups to make sure they are working properly. Take an inventory of the data on a controller or device and store it in a safe place. In the event of a problem, this backup and inventory can confirm what was lost.
#4 - Day off
Everyone should know their role on the day of data deletion. They look at items that still have value and can be restored or sold. Items break off the grid and move apart. Data can be destroyed onsite or in a NAID AAA certified secure facility.
Experience is important, but there are four requirements that you must present to the ITAD collaborating company. Protect the environment, increase resale value, protect data privacy and comprehensive data security. These four elements are essential to the success of your project. Look for e-Stewards, a data stewardship team that is ISO 9001, NAID, R2, and SOC 2 compliant and has certifications in these areas.
Kate Fazzini is director of engineering and security operations at Ziff Davis; He is an assistant professor of cybersecurity at Georgetown University, the author of King of Lies: The World of Cybercrime, and a cybersecurity reporter for The Wall Street Journal and CNBC.
John Chigerian is the founder and CEO of IRI Cybersecurity. Business Journal readers can visit eridirect.com/insecurity-of-everything-book/ for a free copy of John's book, Insecurity of Everything.
Post a Comment
Post a Comment