Data Security with ITonDemand
Your support team at ITonDemand wants to be certain you are properly handling your old IT equipment so you don't create a situation that will result in an expensive data breach.
Most corporate officers and business owners are not aware of the numerous federal regulations requiring them to protect employee and client information. If personal or private information is disclosed, the company owners and/or officers are subject to large fines and/or imprisonment. These regulations apply to single-person offices as well as major corporations. Every business owner must protect themselves from the consequences of leaked data.
There's a good chance your company has stacks of old equipment that have been sitting unattended for weeks, or even months. Chances are also good that this equipment contains confidential data, which, by law, you are required to protect. Many companies donate old equipment, give it to their employees, or even sell it online. Unless you are absolutely certain there is no data remaining on the equipment, such disposals are extremely risky.
Be aware that PCs aren't the only equipment that contains data. Printers, copy machines, medical equipment, cell phones, PDAs and other electronic items retain data that legally should not be disclosed. The longer the equipment sits, the greater the risk that it will be stolen, along with the data on it.
Not protecting client information can result in costly fines, and the fines aren't the only threat to non-compliant companies. Bad PR as a result of a data breach can destroy a company's reputation and result in costly damage control. A recent study determined the average cost of a data breach is $7,200,000, or $214.00 per record compromised. The math is simple: if you accidentally disclose your client list of just 6,000 clients along with personally identifiable information, you could be forced to pay approximately $1,300,000.00. All industries must be vigilant; the combined exposure of employee and client records could be in excess of 10,000 files, putting your loss in the $3,000,000+ range.
What can your company do to prevent data breaches? Number one, establish required policies and procedures to deal with end-of-life equipment. Each of the privacy laws contains verbiage that requires establishing policies and procedures to properly protect data. Seek an outside vendor whose primary business is the proper and secure sanitization of data and the proper recycling of the equipment the data resides on. Check their references and visit their facility. Obtain proper documentation that will provide an independent, verifiable, defensible and auditable trail you can use to demonstrate that you properly destroyed the data.
Destroying data is not an arbitrary task, and destroying data beyond forensic reconstruction is difficult. It's not just electronic media you need to worry about. Microfilm and microfiche, x-rays, magnetic tapes, CDs, as well as other media all fall under a federal regulation for proper destruction. There are specific federal guidelines for data sanitization requiring specialized equipment. Remember, deleting files and reformatting drives does not destroy data. Most companies rely on professional data destructors. Experienced contractors are reliable, secure and often less expensive than in-house practices. Don't leave your company vulnerable to data breaches; take action today.
Contact Us for information on how to stay compliant with the required regulations.