How many times have you heard this? “Someone’s trash is another’s treasure.”
If you’re like me you’ve probably heard it a million times and oddly enough found it to be a true statement. In the past, disposing of electronics and digital media typically meant a trip to the trash bin and not much thought was given to data protection. However, today that isn’t a viable or legal option for many reasons. Due to data regulations and potential fines, failing to properly dispose of digital media isn’t a risk any company can afford to take.
When digital media isn’t securely disposed of, it can potentially fall into the wrong hands providing coveted access to data and personal information stored within the device. Hackers and cybercriminals know the true value of data and how they can capitalize on these opportunities taking full advantage of a company’s lack of security. Whether you’re an organization or an individual, when it comes to things you don’t need anymore like a broken cellphone or an outdated laptop, it’s important to dispose of it correctly and to remove all your sensitive information and data from the device prior to disposing, recycling, or donating.
Let’s discuss how you can have peace of mind when it comes to the secure disposal of your digital media. We’ll also cover disposal methods and provide some helpful tips.
What Is Digital Media?
You may be wondering: “What is digital media?”
It’s a form of electronic media where data is stored in a digital format. Digital can be defined as data that is composed of a series of digits while media refers to the methods of how the communication is broadcasted. Digital video, audio, texts, websites, and computer software are just a few examples of different types of digital media.
However, what makes digital media unique is its ability to send and copy data easily. Due to its formatting, digital content can be conveniently transferred to other devices like DVDs and hard drives, which also means the data and content now resides within the memory systems of each of those devices as well.
The Value of Data
The influence and power of data are undeniable. Data is the new currency that shows no sign of losing value. Because digital data is such a highly valuable asset, it’s also commonly targeted. Security breaches and data leaks have become all too common as the demand and pursuit of data continues to grow.
Let’s look at some impressive growth trends and performance data from the Global DataSphere forecast and IDC report: “Worldwide Global DataSphere Forecast, 2020-2024: The Covid-19 Data Bump and the Future of Data Growth.”
- “The amount of data created over the next three years will be more than the data created over the past 30 years.”
- “ Productivity / embedded data is the fastest growing category of data creation with a 40.3% CAGR for the 2019-2024 forecast period.”
Every company’s data is at risk. With potential fines, loss of revenue, and the negative impact on a company’s reputation, the cost of mishandling your organization’s data and digital media disposal are a price no one can afford to pay. According to respondents of a survey conducted by Dell Technologies:
“63% aren’t very confident that their organization’s current data protection infrastructure and processes are compliant with regional data governance.”
Why is data security important? In order to be compliant with financial, data security and data protection regulations, you are required to store and dispose of it securely regardless of whether the information is personal, organizational, or financial. Compliance is crucial especially when it comes to the protection of confidential and sensitive information for organizations that provide government, healthcare, or financial services.
When Do You Need To Dispose Of Digital Media?
Everything has a finite lifespan for being useful. When it comes to most things like media, IT equipment, data, and business information, they all have a shelf life within an organization. Once it no longer serves a business purpose and storage isn’t required, the time has come for it to be disposed of. Whether it’s a broken tablet, outdated hard drives, or a collection of USB memory sticks, the digital data and information inside these storage systems all must be properly removed before it leaves your organization.
When organizations purchase new devices, replace IT equipment, or update a computer operating system, they need to ensure their digital data has been completely removed prior to donating, recycling, selling, or disposing of anything. If data and sensitive information haven’t been sanitized and permanently destroyed, they can become a potential security risk. Cybercriminals and hackers search for these opportunities to gain access and to exploit companies’ confidential information and digital data.
The Purpose Of Sanitization & Media Disposal
The National Institute of Standards and Technology (NIST) defines sanitization as: “The general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed.”
Sanitization is another way of saying disposal or destruction. It’s the process of securely removing all digital data and sensitive information that is stored within the device and destroying the digital media according to data disposal guidelines.
The process is important because after sanitization has been completed, it prevents the threat of digital data and sensitive information from being recovered from things like a hard drive, diskette, or even a cartridge. Essentially the purpose of sanitization and secure disposal comes down to protecting your company’s data even on its way out the door.
Methods of Sanitization:
When it comes to data sanitization and disposal, it’s wise to keep it simple: Destroy all data prior to it leaving your organization. There are different methods and levels of digital media disposal. The type of sanitization process used varies according to the type of device memory and data.
You can also refer to how-to guides published by the National Security Agency to ensure you are implementing best practices when it comes to permanently destroying data. It’s important for every company to be compliant with regulations and to update their policies as needed to protect digital data and information throughout its lifespan in the organization. It’s up to your organization to make the final decision of how media is destroyed, and utilizing existing resources and agencies can help you make that decision.
Overview Of Destruction Methods
Since data is recorded on various memory types and storage systems, each one requires a different level of destruction. For example, you would need to degauss and destroy computer magnetic memory such as hard drives and backup discs, but disintegrate solid-state memory such as a cellphone or a smart device.
- Data Erasure/Overwrite: Software used to overwrite your data and clear from a hard drive. Data erasure ensures all data is destroyed on digital media.
- Degaussing: A method to magnetically erase data from magnetic media like hard drives.
- Physical Destruction: Destroying electronic media physically and ensuring it’s completely destroyed in order to prevent data from being pulled or recovered.
Removing data by deleting files from a device is one method for sanitization. However, it’s important to remember that simply deleting a file and emptying the trash bin doesn’t permanently remove the data and files from the device.
Even after a delete or format command has been executed, they can still be retrieved and remain stored on the media. In order to securely delete data and remove sensitive information, there are several steps that need to be taken to complete the process of sanitizing the digital media before it’s disposed of, recycled, or donated.
Require multiple steps to achieve sanitization: use disk cleaning software. It’s designed to irreversibly remove the digital data stored on the hard drive, which prevents the possibility of recovery.
- Secure erase: A set of commands in the firmware of most hard drives. Select the program and run the erase command set, which will remove the data by overwriting all areas of the hard drive.
- Disk wiping: A utility that erases sensitive information on hard drives and securely sanitizes flash drives and wipes secure digital cards.
Smartphones and Tablets
Remove all data from your device by doing a factory reset. Devices have different “hard reset” procedures but most can be completed through the settings. If applicable, remove any memory cards and the subscriber identity model card, if your device has one.
Classified Media Disposal & Destruction
If your organization needs to outsource digital media disposal and destruction services, ensure you verify the company’s credentials including relevant security and compliance certifications. In addition, ask the company if they are approved vendors for the specific services you are looking for and inquire about the type of equipment they will be using for the disposal/destruction process.
For example, we designate projects with a Material Security Classification Level to ensure that special processes for handling the material are utilized based on client data and project requirements. When it comes to security and compliance, look for certifications and vendor classifications that align with your company’s needs and security guidelines.
Some areas you might consider when asking about security are:
Helpful Tips For Sanitization & Disposal Policies
Does your business have a sanitization and media disposal policy? Every business should have a written policy which outlines their compliance for data retention and media disposal guidelines in accordance with regulations. It should clearly state their business’s objectives and stance for handling the disposal of data from storage storage devices and media which contain sensitive/private information.
Remember These Tips For Your Organization
- Ensure your company has a clearly defined media disposal strategy including policies outlining the various processes utilized for the secure disposal of digital media and data.
- Educate employees to ensure they understand the company’s policies for secure media disposal and records retention guidelines.
- If confidential or sensitive information is contained in the media, utilize the appropriate disposal method and destruction level needed for security.
- Keep updated logs to ensure proper documentation and compliance of policies. Obtain destruction certificates for media disposal.
- If your organization needs to outsource digital media disposal and destruction services, ensure you verify the company’s credentials, equipment, and obtain certificates for destruction.
Need more information about secure digital media disposal? We are happy to help and to assist you with determining the best method that meets your specific business needs and goals. Contact us at 800-359-3456 or email us at firstname.lastname@example.org.
Want more information? Check out a few articles related to security and media disposal:
“Digitization & The Chain Of Custody” describes how the chain of custody of your records is a critical component during a digital conversion project. Learn what to ask about and how to evaluate a company’s chain of custody methods.
“Choosing A Partner For Your Secure Scanning Project” describes key items to consider when choosing a scanning partner including physical security setup, digital and network security processes, and security credentials (such as audits).
“CJIS Digital Scanning” is our overview of how to scan criminal justice information (CJI) for law enforcement agencies. If your office is handling and processing CJI, this is a starting point for you to understand what CJIS means and why it’s important to you.