COMPLIANCE BEST PRACTICES

Data destruction is a required practice for daily operations, but how you manage that process is critical.

It’s important to develop data protection and data destruction processes. Management should be in charge of regularly assessing whether the prescribed activities are the daily norm for your employees. Likewise, there should be a continual discussion of how to determine whether your processes are still sufficient to protect the information entrusted to your company by its customers and clients, and of how to improve them over time.

Compliance best practices for data destruction in any form:

Documents:  Shred everything.  It’s a good idea to shred every paper document that exits your office.  This way you can be assured that nothing slipped into the recycle bin and into the hands of a criminal.  Plus, you don’t know who wrote a secure note or password on the back of an otherwise benign unwanted printout.

Hard drives and Media: First, barcode everything IT-related, from computers to monitors to flash drives to copy machines. This inventory will help you know what you have in case of an office breach or fire. Knowing what’s left will help you determine what’s gone. Otherwise you may not know, and your liability could skyrocket. When you’re ready for new equipment, it’s vital to properly dispose of the old equipment. Unfortunately, this may not mean donating it to your local charity.

Off-Spec Products: Your brand holds tremendous value. A product on the market that is perceived to be yours and that causes someone harm, or that does not meet your brand’s standards, will cause your company trouble. Best practice is to prevent any chance of this product getting to market, or to the black market, by destroying the product.

Badges and Payment Cards: Reduce the risk of unauthorized access to your secure facility by keeping a log of all badges and IDs issued. Reclaim all badges when an employee leaves the company. Customer service or store employees are trained to make customers happy. But if this leads to the fraudulent use of payment cards (credit cards or gift cards), it could be an untraceable source of loss for a company.

If you have questions about your company’s data compliance or data destruction, contact our specialists today.

Additional Resources:

For medical practices: Department of Health and Human Services HIPAA Privacy Rule

For financial companies: Federal Trade Commission Gramm-Leach-Bliley Act

For all businesses that have personal information about Massachusetts residents: Massachusetts 201 CMR 17
