Proper cleaning and disposal of devices is crucial. The details are vital when it comes to complying with data destruction laws. All over the world, data disposal is subject to several stringent and punitive regulations.
A hard drive may contain various data, including personal and sensitive information, and may store Personally Identifiable Information (PII). PII is a type of regulated data that includes any information that can be used to identify a person, such as postal addresses, email addresses, phone numbers, IP addresses, geolocation profiles, and biometric data.
Many nations impose harsh penalties for careless disposal of PII. A company’s reputation, trust, and revenue are also at risk if it does not have established data retention and retirement procedures.
Businesses must be aware of several essential regulations in the United States.
Congress passed FACTA in 2003 to strengthen customer protections, especially those preventing identity theft. This increased the amount of PII required from customers, but it also improved how PII is protected. The fines for violating FACTA vary, but willful violations may result in fines exceeding $100 million.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets standards for covered parties and business associates regarding information relating to health status, care, or payment. It applies only to protected health information (PHI).
GLBA, also known as the Financial Modernization Act, was passed in 1999. It requires businesses in the United States to disclose how they share and protect personal information and includes provisions that safeguard non-public financial and personal information (NPI). In addition, it implies that organizations apply special safeguards to private data based on an information security plan.
GLBA non-compliance penalties may be severe. People who are caught breaking the law face fines of $10,000 for each violation that is discovered. Each breach by an organization costs $100,000.
Avail Recovery’s Data Destruction
As you have read, there is much more to data and privacy than just formatting a hard drive. Data destruction needs to follow the proper procedures to ensure you are not liable for it falling into the wrong hands.
Our clients can be confident that all data-bearing assets handed over to us are entirely destroyed or erased. We provide an end-to-end chain of custody to assure accountability between all parties during transit. NIST 800-88, DOD 8550-22-M, HIPAA/HITECH, PCI DSS, FACTA, and SOX are among the many government standards that our erasure software meets.
Avail also offers the following to ensure a clean audit trail:
- Serialized Certificate of Destruction
- $5 Million Cyber Liability policy
- Clear language for privacy and non-disclosure in our Master Services Agreement
- Published Information Security Policy detailing physical and virtual security measures