The Association of Certified Fraud Examiners (ACFE) recently posted an article titled, “The Importance of Having an Effective Data Destruction Policy,” written by Milica Vojnic. Businesses collect an abundance of customer information, some of which is sensitive and personally identifiable. Vojnic reminds us that while collecting customer data allows businesses to operate more efficiently, doing so comes with the risk of leaking personal information to malicious third parties. Because of this risk, businesses are responsible for handling and destroying customer data in a safe and secure manner.
The article notes that governments worldwide are creating tighter rules and regulations in response to the threat of data leaks. For example, the General Data Protection Regulation (GDPR) was adopted by the European Union to protect the data of all citizens. Many data protection laws, including the GDPR, indicate that businesses are responsible for protecting customer data both during and after its use. Failure to properly handle customer data, including the destruction of data that is no longer in use, can provide fraudsters with an opportunity to steal personal information. This, of course, is detrimental to both customers and businesses.
With this said, how should businesses destroy customer data? Choosing the right destruction method depends on the sensitivity and confidentiality of the data in question. The article lays out a variety of destruction methods and security considerations.
Physical data destruction involves destroying the physical medium used for data storage. Once the storage medium is destroyed, there is no way to recover the data. While this is the most secure form of data destruction, it is also very expensive since the storage medium is rendered useless. Given the benefits and drawbacks of physical data destruction, this method is recommended for highly sensitive and confidential data.
A second method, secure data deletion, is considered suitable for the destruction of most types of data. Instead of destroying the physical storage medium, data destruction experts overwrite existing data with binary code. One benefit of secure data deletion is that the storage medium can be reused. While this method is not as secure as physical data destruction, it is still considered effective in most cases.
In addition to choosing the proper destruction method for specific types of customer data, businesses must also be aware of other security considerations. For example, businesses must ensure that all backup copies are destroyed alongside the original. All data should be traceable throughout its lifecycle. To ensure that all data is accounted for, businesses should be aware of the location of all storage media. Finally, businesses must select reputable data destruction specialists. Choose specialists who can provide post-destruction certificates indicating that data was destroyed using international best practices. To conclude, implementing a sound data destruction policy will protect your customers’ rights while also ensuring compliance with data protection laws.
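The considerations above (backup copies, known media locations, a method matched to sensitivity, and post-destruction certificates) can be checked against a media inventory. The following is an added example, not taken from the ACFE article; the record fields, identifiers, and the rule that highly sensitive data requires physical destruction are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class MediaCopy:
    dataset: str                       # logical data set held on the medium
    medium_id: str                     # asset tag (constructed)
    role: str                          # "original" or "backup"
    location: Optional[str]            # None means the medium cannot be located
    sensitivity: str                   # "high" or "standard"
    method: Optional[str] = None       # "physical", "overwrite", or None if not yet destroyed
    certificate: Optional[str] = None  # post-destruction certificate reference

def audit_destruction(inventory, retired):
    """Map each retired data set to the gaps that keep its destruction incomplete."""
    findings = {}
    for ds in retired:
        copies = [c for c in inventory if c.dataset == ds]
        issues = [] if copies else ["no storage media recorded for this data set"]
        for c in copies:
            if c.location is None:
                issues.append(f"{c.medium_id}: location unknown")
            if c.method is None:
                issues.append(f"{c.medium_id}: {c.role} copy not destroyed")
                continue
            # Assumed policy: highly sensitive data requires physical destruction.
            if c.sensitivity == "high" and c.method != "physical":
                issues.append(f"{c.medium_id}: {c.method} used for highly sensitive data")
            if not c.certificate:
                issues.append(f"{c.medium_id}: no post-destruction certificate")
        if issues:
            findings[ds] = issues
    return findings

# Constructed sample inventory (all identifiers are made up).
INVENTORY = [
    MediaCopy("crm-2019", "HDD-001", "original", "HQ rack 4", "standard", "overwrite", "CERT-1001"),
    MediaCopy("crm-2019", "TAPE-017", "backup", "offsite vault", "standard"),
    MediaCopy("payroll-2018", "HDD-002", "original", "HQ rack 2", "high", "overwrite", "CERT-1002"),
    MediaCopy("payroll-2018", "USB-009", "backup", None, "high", "physical", None),
    MediaCopy("web-logs-2020", "SSD-003", "original", "HQ rack 1", "standard", "overwrite", "CERT-1003"),
]
RETIRED = ["crm-2019", "payroll-2018", "web-logs-2020", "hr-2017"]

if __name__ == "__main__":
    for ds, issues in audit_destruction(INVENTORY, RETIRED).items():
        print(ds, *issues, sep="\n  ")
```

A data set that is retired but has no media on record is reported as a finding rather than silently passing, since untracked copies are exactly what a traceability requirement is meant to catch.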