February 27, 2009
Recently I documented my thoughts on “Deleting Data does not Purge Data“. My inclination was toward developing a policy which would formulate the “Data Destruction Policy” in our company.
We deal with confidential data all the time which is sent by clients for:
During this time, the data is passed around our highly qualified staff (who have signed a “Non-Disclosure” agreement). Many a times, we have seen the medium of transporting/transferring data is a secure channel. However some times, the channel storing/transferring confidential data could also be a “DVD”, “USB Drive” or even a “Magnetic Tape Drive”.
To safeguard the interest of our clients and our staff members, we have partnered with a “Digital Media/Data Destruction Company”. This company guarantees destruction of digital information from any external media at a nominal cost of ($15-$25) per incident.
The Data Destruction Company has signed a “Non-Disclosure” agreement. So the data/information is safe and not in unsafe hands.
Here is the process that we have set:
We have also published this process within our organization so that any staff member who believes that they have disk/data that needs to be destroyed can contact our IT staff members and take advantage of the new “Data Destruction Service”.
This is a process which has safeguarded our position with the clients and we have built a trust relationship where we respect the privacy and confidentiality of the data we receive.
January 9, 2009 Office of the National Coordinator (ONC) for Health Information Technology (HIT) from the U.S. Department of Health...