What are the Security Implications of Improperly Disposing Confidential Data?

Sat, 09/23/2017

What are the security implications of improperly disposing confidential data?

In one word, devastating! Security implications are significant and it’s never been more prevalent than today.  Costing the US over 50 billion dollars annually, identity theft, corporate espionage and dumpster diving have been ever growing concerns. The trash is considered by business espionage professionals as the single most lucrative source of competitive and personal data.  Any establishment that discards private data without destroying it first, exposes itself to many risks.  The only means of minimizing this exposure is by having a controlled program for the secure collection and destruction of information. 

Securing and managing critical documents must be a top priority with any organization that contains employee data, trade information, client and consumer information, company financials, etc.  Thus, it goes without saying, every business needs to have secure data policies.  The goals to keep in mind when setting information handling policies are keeping critical information securely protected from unauthorized access and destroying physical documents so that they are unreadable and un-restorable.

Can disposed data be “restored” into a readable fashion?  Unfortunately, the answer is yes if not properly destroyed by industry approved methods.  Documents can certainly be reconstructed via multiple manual methods by reassembling strips of paper bagged from typical office shredders.  There is even software available that enables the user to realign the strips into full, readable documents.  When it comes to hard drives, erasing data gives the user a very false sense of security.  Data can be easily recovered from a hard drive that has been erased should that drive end up on the desk of computer savvy identity crook.  It’s even been know that degaussing of hard drives is not 100% guaranteed.  Did you know that old, broken down printer sitting in your office closet has memory and probably contains data from every sheet of paper it printed?  Think twice before bringing it out to the curb.

The only guaranteed method of secure data destruction is by the use and scheduled practice of a professional third party secure destruction provider to ensure a closed loop of the information chain of custody.  Professional companies are able to systematically destroy any and all types of data with the use of industrial shredding/destruction equipment, secure transportation vehicles and facilities.  Not only can a professional company guarantee the complete and total destruction of the data, they can guarantee the secure transport and disposal of the shredded material to its next phase of life.

Because information is available in so many forms, maintaining data privacy and security is infinitely more challenging today.  Businesses and organizations need to focus on what they do best and leave the secure disposal of information to the professionals who do what they do best.  A small mistake by an employee to the complete lack of a unified disposal policy can result in the loss of a company’s livelihood and reputation.  The effort and marginal investment of implementing a secure data destruction program pales in comparison to the cost of having that data fall into the wrong hands.