Data destruction isn’t the fun topic in digital technology. But if you’re a business owner or manager or you have an online side hustle and you collects sensitive data from customers or clients, you need to learn more about this critical subject. Failing to destroy sensitive data before retiring or selling a computer or other electronic asset is a serious security breach—one that could cost a small business thousands of dollars in fines and legal fees and its credibility.
So, what’s driving the interest in digital data destruction? It’s the boom in digital data and the increasing threats posed by hackers. These drivers are making the protection of sensitive data a top priority for businesses of all sizes. Unfortunately, this growth in digital data isn’t slowing down. IDC’s Data Age 2025 Report says that the volume of data will grow to 175 Zettabytes by 2025 at a CAGR of 61% by 2025. That’s up from 33 Zettabytes in 2018.
The emergence of stringent data protection laws, like the EU’s General Data Protection Regulation, are also driving the increased interest in data protection. These laws call for organizations that possess personal data to deploy adequate measures that protect users’ sensitive data. Failing to comply with these laws and regulations throughout the data lifecycle can result in substantial penalties, customer loss, and even lawsuits.
Here’s what one expert said about data destruction for businesses, whatever their size: “Enterprise clients generally have a pretty good idea of how to deal with this problem; their practices have been relatively consistent over several years, and it doesn’t generate a good deal of attention,” says Jay Heiser, an analyst at research firm Gartner in an article on CSO.com. “But many small and mid-size businesses haven’t thought through the risks of undestroyed data.”
Keep in mind that it doesn’t matter how the data is lost or stolen— hacking, malware, ransomware, spyware, or failure to destroy data on hard drives before selling an asset. You’re also responsible for the data if someone steals an electronic device containing sensitive information. So, it’s critical that you “scrub” sensitive data from an electronic device’s hard drive if you sell it or retire it.
Businesses can store sensitive data on any electronic device that has a removable hard drive with sensitive data, including digital cameras, computers, printers, scanners, and fax machines. Mobile devices are particularly vulnerable when it comes to lost or stolen data. For example, you might leave your phone somewhere while having a night out on the town. Or someone breaks into your car and steals your phone while your shopping.
Below are seven reasons to destroy data on devices you’re selling or retiring:
- Save money on fines and legal fees
- Prevent legal action against you
- Comply with government regulations
- Maintain your credibility
- Avoid a public relations nightmare
- Keep proprietary data secure
- Save the surrounding environment
An excellent way to ensure the data on hard drives in electronic devices you’re retiring or selling is to create a data destruction policy for your business. Having a consistent data destruction policy followed by everyone within your company follows at all times pays dividends. It’s also critical in this day and age. You should also think about using outside contractors for secure disposal.
Keep in mind there are different methods for destroying data. For example, three ways to destroy data are overwriting data on a storage device, purging data from a hard drive, and physically destroying storage media.
If you want more information on data destruction, The National Institute of Standards and Technology is a reliable source of information about data destruction methods. Its NIST Special Publication 800-88, for example, provides in-depth information on data destruction.