How and Why to Create Data Destruction Policies

Hate to throw anything away? Technology lawyer Mark Grossman explains why your IT staff must fight that instinct and create a data destruction policy that works for the business.

Educate, Verify and Follow Up

Do not forget to look at your contracts with other companies to ensure you are handling data destruction within the terms of those contacts. For example, non-disclosure agreements sometimes contain data destruction terms and you must comply with those terms.

Educate your people and verify they are complying with your policy. This is particularly important with media that you are not destroying, but instead are reselling or recycling. You should take samplings as appropriate to ensure you maintain the proper levels of destruction. If you are doing the data destruction in-house, you need to verify your data sanitation and destruction tools and equipment are functioning properly and maintained appropriately.

Document the entire data destruction policy so you will know what media is sanitized and destroyed. Your documentation should allow you to quickly answer those who, what, where, when, why, and how questions.

Finally, the last step of an effective data destruction policy is to have a process in place so you can follow up with regularly scheduled testing of your process and media to ensure the effectiveness of your policy.

Mark Grossman is a tech lawyer, business advisor, and negotiator. He is the founder of the Grossman Law Group with offices in Manhattan and South Florida. Tate Stickles is a partner in the Grossman Law Group.

« previous page | 1 | 2 | 3

Comments

data destruction

More from IT Drilldown « Back to Security

Articles

Global Warming Research Exposed After Hack

Chrome Shines, Gore Opines, Staffs Decline

Two Approaches to NFC Battle for French Hearts and Mobiles

FCC: Internet Program for Deaf Cheated Out of Millions

Cyberattacks on U.S. Military Jump Sharply in 2009

Cisco's Free IPhone App Grabs Security Feeds

EU Security Agency Highlights Cloud Computing Risks

Cyberattacks on U.S. Military Jump Sharply in 2009

Mobile Security ABCs

Get up to speed on mobile security.

Learn More »

Security Newsletter

Recent Articles

Understanding Data Destruction: What the CIO Needs to Know.

Why Information Must Be Destroyed

Why Information Must Be Destroyed, Part Two

Enterprise Data Security: Definition and Solutions

Security MarketSpace

Practical Approaches for Securing Web Applications

Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many don't understand, is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle. Learn more »

Smart techniques for application security: whitebox + blackbox security testing.

An Executive's Guide to Web Application Security

Since so many Web sites contain vulnerabilities, hackers can leverage a relatively simple exploit to gain access to a wealth of sensitive information, such as credit card data, social security numbers and health records. It's more important than ever to examine your Web application security, assess your vulnerability and take action to protect your business. Learn more »

Web Application Vulnerabilities

Security managers may work for midsize or large organizations; they may operate from anywhere on the globe. But inevitably, they share a common goal: to better manage the risks associated with their business infrastructure. Increasingly, Web application security plays a significant role in achieving that goal. Learn more »

Lower the Cost and Complexity of a Mobile Workforce through Automation

Lower the Cost and Complexity of a Mobile Workforce Learn more »

Retooling IT for a Mobile Workforce

Check out this research note from IDC for guidance. Learn more »

Today's Risky Data Environment

This paper explains how an IT and security service provider can provide a practical, manageable and reliable solution. Learn more »

Business Continuity - Are You Always Open for Business?

This Oracle business brief explains how mid-sized can improve performance by creating an IT infrastructure that makes working faster, easier and more effective. Learn more »

WHITE PAPERS

Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle

Managing a growing threat: An Executive's Guide to Web Application Security

Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities

IDC Q&A: The Mobile Workforce

Managed Security for a Not-So-Secure World

Oracle Business Brief - Business Continuity - Are You Always Open for Business?

The Forrester Wave™: Web Filtering, Q2 2009

The Forrester Wave™: Email Filtering, Q2 2009

VIP Access for Mobile: Making Consumer Two-Factor Authentication Simple and Cost-Effective

Authentication as a Service by Forrester Research

Mining the Cloud to Ease the Enterprise Compliance Burden