Data Destruction Policy/Service

Bill Gates: Work hard, be nice
January 2, 2013
Microsoft’s 2019
January 2, 2013
Show all

February 27, 2009

Recently I documented my thoughts on “Deleting Data does not Purge Data“. My inclination was toward developing a policy which would formulate the “Data Destruction Policy” in our company.

We deal with confidential data all the time which is sent by clients for:

  1. Data Migration
  2. Checking Database Integrity
  3. Development
  4. Stress Testing

During this time, the data is passed around our highly qualified staff (who have signed a “Non-Disclosure” agreement). Many a times, we have seen the medium of transporting/transferring data is a secure channel. However some times, the channel storing/transferring confidential data could also be a “DVD”, “USB Drive” or even a “Magnetic Tape Drive”.

To safeguard the interest of our clients and our staff members, we have partnered with a “Digital Media/Data Destruction Company”. This company guarantees destruction of digital information from any external media at a nominal cost of ($15-$25) per incident.

The Data Destruction Company has signed a “Non-Disclosure” agreement. So the data/information is safe and not in unsafe hands.

Here is the process that we have set:

  1. Any disk/tape drive which needs to be destroyed should first be formatted by our company staff member.
  2. The staff member would also physically abuse (destroy) the disk with a hammer or melt the same if possible.
  3. We would then give the disk/drive to the “Data Destruction Company”
  4. During this time, the company would provide us with a receipt of the disk/drive and would inform us the date/time the data will be destroyed
  5. Once the data is destroyed, the company sends us a formal receipt that the data was destroyed and the task has been completed.

We have also published this process within our organization so that any staff member who believes that they have disk/data that needs to be destroyed can contact our IT staff members and take advantage of the new “Data Destruction Service”.

This is a process which has safeguarded our position with the clients and we have built a trust relationship where we respect the privacy and confidentiality of the data we receive.

Leave a Reply

Your email address will not be published. Required fields are marked *