In 2012, the US Office of Civil Rights (OCR) fined Blue Cross Blue Shield of Tennessee $1.5 million for losing personal details of 1 million customers. Since then, harsher penalties have come into force with new laws like the General Data Protection Regulation (GDPR). The GDPR has one of the harshest penalties: 20 million euros or 4% of a company’s annual revenues. Considering such penalties, businesses have a strong reason to engage secure data destruction services.
What is Physical Data Destruction?
Physical data destruction is the destruction of data storage media, and the data they contain, so that the data is inaccessible to unauthorized parties. Storage media are anything that holds data, including hard drives, thumb drives, DVDs, CDs, tape drives, digital cameras, mobile phones, and tablets.
Physical data destruction renders data storage media unreadable to prevent access to the data. Secure data destruction services destroy data storage media by either of the following two methods, or a combination.
Crushing
The data storage media is crushed by powerful industrial crushers until it is deformed to the point of unreadability.
Shredding
The storage media is ripped apart into small pieces. The US National Security Agency recommends shredded particles be no larger than 2mm.
Degaussing
Data storage media rely on magnetic fields to store data. Degaussing destroys these fields to make the data on them inaccessible. The highest levels of secure data destruction degauss data storage media before shredding or crushing.
Why Do Physical Data Destruction?
There are several reasons a business would want to keep its data confidential and inaccessible from malicious actors and the competition.
Prevent Private Information Breach
Private data is highly sought after by hackers. They can use the data in different nefarious activities, including identity theft and phishing. Identity theft is one of the most lucrative online crimes, generating billions of dollars per year. Hackers take Personally Identifiable Information (PII) including names, addresses, identity numbers, social security numbers, and physical addresses. They then use this information to impersonate the original user and access different privileges. They can access bank accounts, credit services, and different subscription services.
Protection of private client data has become one of the hottest issues in today’s business environment. Laws in different jurisdictions have been crafted to enforce this data confidentiality and security.
In Europe, the General Data Protection Regulation (GDPR) enforces it on all entities doing business with European customers. In the US, data privacy is covered by several laws regulating different sectors like health and finance. These include the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA) and the Gramm-Leach-Bliley Act.
These laws come with varying penalties for negligence in handling private data. The GDPR has the highest penalties. For example, Marriott International Hotels was fined 110 million euros for a data hack that breached information of 30 million EU residents. The information included credit card numbers, passport numbers, addresses and other sensitive data.
Prevent Loss of Proprietary Information
Businesses spend a lot of money on research and development for different products. If outsiders gain access to this proprietary information, the money spent on product development is wasted and the business loses its competitive edge. The competition can reverse engineer or copy the business’ most popular products, leading to massive losses in market opportunities.
Physical data destruction of end-of-life lab computers and other data storage media where proprietary information is stored ensures it is secure. It is safe from corporate spies, hackers, and other unauthorized parties.
Keep the Business Network Secure
Data on unsecured end-of-life equipment can be very helpful to hackers. These malicious actors are usually on the lookout for data such as staff names and positions, email addresses, and IP addresses. They can use this information for reconnaissance and mapping out the network for vulnerabilities. They will then attack through these vulnerable points.
Hackers can also use this data for phishing purposes. This attack happens when hackers impersonate digital credentials of business employees, or other aspects including the entire website. A good example is the 2018 British Airways attack where BA customers were led to a phishing site and their sensitive data harvested. The attack affected 500,000 customers and BA was fined 204 million euros.
Businesses today should have a very strong motivation for secure data destruction. It protects the business from adverse financial and legal consequences. By maintaining confidentiality, a business creates trust in its brand and customer loyalty.
Physical data destruction is a crucial part of information security in today’s business environment. Businesses are highly encouraged to use professional data destruction services. These services have the capacity, expertise and experience to do a proper job. Leaving this task to the professionals allows small businesses to stay compliant with various data privacy laws and regulations. Physical data destruction is no longer optional but a mandatory task in today’s privacy-sensitive world.