Data Destruction Best Practices: 5 Policies to Adopt

If you knew for certain that thieves were roaming your neighborhood looking for unprotected houses, would you cross your fingers and hope that your home would be missed? Or would you take immediate steps to protect yourself and your family? Most of us would jump into action, keeping in mind the old proverb that it’s better to be safe than sorry. Let the same philosophy propel you to take a hard look at your data security procedures. It’s far easier and cheaper to follow data destruction best practices now than it is to clean up the mess from a data breach later.

1. Keep the Circle of Trust Small

Here’s a fact that employers won’t like: an alarmingly high number of data breaches are caused by employees. That doesn’t necessarily mean that your organization employs scheming data thieves – internal data breaches are often caused by human error – but it’s definitely possible. Some industries are at greater risk than others. Verizon’s 2018 Data Breach Investigations Report found that healthcare was the industry with the highest rate of internal data breaches (56%).

It’s in everyone’s best interest to have strict employee protocols around data destruction. The more people who are involved in handling sensitive data, the more your company exposes itself to breaches. A small number of trustworthy people should oversee everything related to data destruction, such as collecting devices that need to be destroyed, logging everything and witnessing destruction at the shredding facility.

2. Shred Every Scrap of Paper

Phone messages, scratch paper, outdated employee manuals, used takeout menus: data destruction best practices compel you to shred them all. It’s unlikely that these seemingly harmless papers could hold sensitive information, but shredding them is still the best company policy. Get employees in the habit of destroying all papers and you won’t have to worry about an important financial report accidentally ending up in the recycling bin.

3. Don’t Give Away Anything With a Memory

By now, many workers are aware that deleting data from a hard drive doesn’t destroy that data forever. Hopefully, most people also know that magnetic tapes, modern printers, portable USB drives, DVDs and CDs can store sensitive data too. Well-meaning employees might want to donate obsolete machines or take unused devices home, but best practices require that these drives and devices be thoroughly destroyed when your organization is done with them.

4. Shred Regularly

The longer sensitive data sits in a storage room or closet, the higher the risk that it will be accessed by someone with bad intentions. While it’s on company property, keep anything that holds data in locked bins and store those bins in locked rooms. Don’t let shreddable stuff accumulate. Schedule regular pickups with a reputable shredding company.

5. Collect and Keep Destruction Records

Legally, you may be required to destroy sensitive data. (Here in Massachusetts, where regulations require that businesses protect the personal information of Commonwealth residents, following data destruction best practices is an easy way to stay compliant.) Keeping careful records is the only way to prove that you’ve taken appropriate measures to protect that data, and you’ll need those records if you’re audited. Obtain a Certificate of Destruction every time you have a batch of data destroyed, then scan the certificate and keep the physical copy too. Northeast Data Destruction can also arrange for a representative of your company to witness the destruction process.

Data thieves get savvier all the time, so your data security has to be airtight. Adopting these data destruction best practices will help you keep your data safe, but it’s only part of the solution. The only way you’ll know that your data is permanently destroyed is to work with an experienced, reputable destruction company. Contact Northeast Data Destruction today for a quote.