Morgan Stanley makes the news again this month with bad decisions continuing over five years. These decisions included selling unencrypted hard drives (containing data) on auction sites. Their continued failures led to the exposure of 15 million customers and over $35 million in fines.
Proper hard drive and certified data destruction can be one of the best and easiest decisions a company can make in an era where we are plagued with worries over data security. However, many businesses continue to make the wrong decisions.
It’s easy to see why. You will find many free alternatives and community shredding days when you google hard drive destruction. For a small business, this may look like the best solution. Our motto is that you must vet the services you are signing up for from FREE to MOST COSTLY.
Depending on the nature of your business, you need to know what is happening to your hard drives. FREE shredding days and services simply can NOT provide the certification and documentation required in a robust data security plan.
Security professionals now recommend that all data be treated as PII (personally identifiable information) and destroyed accordingly. When vetting ITAD partners, you must understand their chain of custody. How will your hard drives and devices get from your locations to transport to the place of destruction?
While you may be considering creating your own internal data destruction options for fear of chain of custody, businesses are now up against constant turnover and staff shortages, which makes using trusted internal personnel in these processes almost impossible. Doing so would require the costs of a continual and robust internal training and management program.
If you are vetting options for secure data destruction, there are a few essential services to look for. Ask the right questions and be prepared to dig in further.
Exemplary service partners should provide options for:
- comprehensive hardware management to preserve your chain of custody
- security consulting
- compliance management for your industry
- easy options to make this an ongoing process
- guaranteed compliance with other regulations that require secure data destruction
- guarantees that all data is digitally destroyed following NIST standards, and each piece of equipment is processed per EPA, DEP, ISO 14001, and all national regulations
- a commitment to protecting the environment
- references from satisfied and long-term customers
Doing business with an ITAM/ITAD vendor should bring peace of mind that they follow high-level policies and procedures around security, availability, processing, integrity, and confidentiality and undergo industry attestations.
Don’t be afraid to ask the tough questions, and remember, FREE probably will come back to haunt you. If you’re working on a new project or reviewing new vendors, we’d love to connect.