The Top Data Destruction Questions, Answered

Damage the data Hard disk scratch icon. Vector designEvery business, whether big or small, needs to be sure that data is properly disposed of at the end of its retention lifespan. But many companies lack clarity around the “whys” and “hows” of data destruction. In this blog, we answer the top data destruction questions.

Q: I have old backup tapes. Should I erase them?

A: Yes, you should delete sensitive files from expired tapes and hard drives. But remember, you can’t completely remove all data from your devices just by erasing them. Bits and pieces of sensitive information may still be stored on your media even after it’s erased. This “footprint” of data is vulnerable to theft and misuse.

Physical destruction is the only solution that ensures the data on your old backup tapes and drives can’t be extracted. A hard drive destruction service uses specialized shredders that apply massive force onto the media, crushing it and cutting it into pieces, rendering all data irrecoverable.

Q: What other digital devices should I destroy?

A: To make sure all your data is rendered unreadable and unusable, destroy all out-of-date IT assets and unwanted magnetic and optical media, including:

  • CDs
  • VCR and cassette tapes
  • Portable USBs
  • Flash drives

Your data destruction partner should provide a Certificate of Destruction after your items are destroyed.

Q: Am I required to destroy my data?

A: Yes, several well-known privacy protection laws mandate the destruction of financial, medical and consumer information, including the following regulations:

  • The Health Insurance Portability and Accountability Act (HIPAA)
  • The Fair and Accurate Credit Transaction Act (FACTA)
  • The Gramm-Leach-Bliley Act (GLBA)

Your attorney can offer guidance on which laws apply to your business.

Q: What happens to my e-waste?

A: After your items are destroyed, a reputable data destruction provider will ensure that the electronic waste is separated and recycled through a raw material extraction process so it can be used produce new metal and plastic products. Your data destruction provider should issues a Certificate of Recycling at the end of the e-recycling process.

Q: Do I need a NAID AAA Certified data destruction provider?

A: Yes, if you want to make sure your data is destroyed to the highest ethical and professional standards. NAID AAA Certified data destruction companies must pass ongoing audits by third-party security professionals. To maintain AAA Certification, a data destruction provider must continually pass surprise audits that assess the following areas:

  • Operational security
  • Employee hiring and screening
  • Responsible disposal of material
  • Liability insurance

By using a NAID AAA Certified data destruction service, you’re giving your data the protection it deserves.

If you have another data destruction question, please feel free to call us or complete the form on this page. We’re happy to be your data destruction resource.

Richards & Richards offers secure records and information management services for businesses throughout Nashville.