This exposes competitive intelligence, increases vulnerability to industrial espionage and litigation, and jeopardizes an organization's compliance with corporate governance practices and state, federal, and industry regulations that protect proprietary and confidential corporate, customer, and patient information. For example, regulations such as DOD 5220.22-M, Sarbanes-Oxley, and HIPAA require proof of secure erasure.
Consequently, it is vital that data be completely erased and the erasure recorded to ensure critical and confidential information is secure from accidental or malicious recovery. Done correctly, data removal meets important compliance regulations and guidelines for erasing data, such as sensitive patient records or financial procedures.
Why Ensure Erasure?
There are several reasons for completely and provably erasing stored data, including:
- Data disposal and erasure have to conform to industry and other regulatory requirements.
- Potential litigation, loss of intellectual property, or financial loss can result from insecure data disposal.
- Unerased information is still accessible when storage systems are returned under lease, redeployed, swapped, or repurposed.
- Corporate guidelines require data erasure and removal of proprietary information prior to returning leased systems or repurposing storage systems.
- Some companies or industries require proof of data erasure and overwrite levels.
- Companies have different data disposal standards for different types of information.
- Some companies and industries require a three-pass or greater overwrite process (the level recommended in DOD 5220.22-M).
- Companies have strict security requirements to retain all disks, and you need to secure them.