Let’s paint a picture, or rather a corporate nightmare that floods fear into every department. A nightmare that brings hours of extra work to your PR department, that requires your financial department to burn through funds for lawsuits, that leaves the most experienced board member confused on what the next steps are. What is that nightmare? Data Breach!
We apologize for the scare, but it is an unfortunate reality that has affected millions of Americans just this year alone (and I can guarantee that when you read this, the numbers have gone up). So, what can you do? You’ve probably heard some of these before: improve security, limit access to confidential information, give employees training on common scams. These are all great preventative methods, but there is one method always neglected. One method never talked about. That method? Data destruction on retired corporate devices.
Data Destruction?
It is far too easy purchase a new fleet of devices and forget about the old ones. New devices are exciting, they bring new technological capabilities and allow for company growth. We are not suggesting that new devices will ruin your company reputation or cause dire financial distress, rather that the transition to new devices needs to be seamless and without data loss. This sounds obvious and might even sound like an annoying nag to do the right thing. This is not just the ethical choice, but also the choice that prevents financial and reputation damage. Doing it right the first time is worth the extra time spent, especially if it means prevention of career annihilation.
What are my options?
You have two options when it comes to data sanitation: Onsite and Offsite. Onsite refers to data sanitation services within your facilities, whereas offsite refers to data sanitization performed at the ITAD’s facility. Simple, right? When working with a qualified ITAD provider, both are viable options. IMPORTANT DISCLAIMER: Not all ITAD providers have the capabilities to perform data sanitation onsite and nearly all ITAD provers cannot provide CERTIFIED onsite data erasure. Choosing a qualified ITAD provider that can provide certified onsite data erasure will always be the most secure option over uncertified onsite erasure and any offsite erasure. The question then becomes: What can you afford to risk?
What legal regulations must I uphold?
Are you a medical facility? Do you access medical documents? Medical facilities are legally required under HIPAA to protect patients' data, and this applies to Covered Entities and Business Associates that work with them.
How does your company process payments? If you use a third-party processor for two or more transactions a month, you must comply to data destruction requirements under PCI.
Are you a part of a financial institution that provides loans, insurance, or financial/investment advice? GLBA requires transparency on data sharing practices and mandates that you safeguard all consumer data.
This list goes on and on, to the extent that all businesses end up requiring data destruction. Read more about data destruction regulations and laws here. Regulations that legally require data protection and subsequent destruction are strongly encouraged to consider onsite data destruction.
Why do you recommend Onsite Data Sanitation?
1. The Most Secure Option - if you contract a certified ITAD company
It will always be more secure to perform any service directly from your location. During onsite data sanitization services, an ITAD company sends trained (certified and with background checks) employees who specialize in data destruction. You can monitor and observe the entire data destruction process (you don’t have to, but you have the option). You can see who enters or leaves, ensure no devices leave the room, and watch in real time as devices undergo data sanitization. The second a device leaves your facility you introduce additional risk of theft or misplacement.
2 . Adherence to Federal & State RegulationsAs mentioned above, there are copious amounts of legal regulations that apply to data, where at the end of the day, all businesses end up needing to comply. By using a qualified ITAD provider with certified data erasure software, onsite data sanitation will protect you from data loss and the lawsuits and damaged reputations that follow.
Why do you recommend Offsite Data Sanitation?
1. Less costly service feesOffsite data sanitization requires less coordination, it is much easier to send a secure freight truck or mail devices to the ITAD’s facility than it is to send qualified ITAD technicians to your facility. Due to the time dedicated at your location, the cost of service remains higher than it would offsite.
2. Most ITAD providers do NOT offer onsite data sanitationMany ITAD (or pseudo-ITAD) providers will say that they choose not to offer onsite data sanitation due to a plethora of reasons such as time and money saved, yet the real reason is that they don’t have the software or qualified employees to perform onsite erasure. The service requires portable equipment, multiple days of sole employee dedication to your project, and coordination from project managers to ensure everything goes to plan. To put it simply, most companies haven’t or won’t put the effort or means into offering these services.
Recap
Data destruction is a must, it is not a step that can be skipped. Onsite is best and in some cases should be chosen without a second thought, yet offsite remains an adequate option in some cases. We recommend onsite data sanitization if you are mandated to protect data under legal regulations, such as HIPAA, PCI, or GLBA. It is too risky not to take the most secure option when it boils down to legal responsibility. If you are not bound by regulation, the decision should balance your tolerance of risk – the likelihood with the impact – against the cost to mitigate. We know that extreme discomfort is found with the thought of data leaks and theft, but we also understand that cost and convenience are factors. Before making your final decision, sit down with an ITAD expert and have a conversation about what the process for onsite and offsite looks like.
Email Info@dmdsystems.com to talk to an ITAD expert today.
COMMENTS