Data Destruction Is it really gone? Donna Read Chris Parker Florida Gulf Coast ARMA Chapter April 2013


Data Destruction: Is it really gone?

Donna Read, Chris Parker

Florida Gulf Coast ARMA Chapter

April 2013

Life Cycle of a Record

• Creation or receipt

• Use and maintenance

• Disposition = permanent retention or………

DESTRUCTION

Definition of Destruction

What is in a hard drive?

• Lead

• Brominated Flame Retardants

• Barium

• Mercury

• Beryllium

• Cadmium

Dept. of Defense 5220.22-M

Definition: DoD 5220.22-M is a software-based data sanitization method used in various data destruction programs to overwrite existing information on a hard drive or other storage device.
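An added example (not from the original presentation) of the overwrite-and-verify approach that the DoD 5220.22-M definition describes, applied to a regular file such as a disk image. The three-pass schedule (zeros, ones, random) is the one commonly attributed to this method and is an assumption, since the slide does not list the passes; the function names are hypothetical.

```python
import hashlib
import os

CHUNK = 1 << 20  # bytes written per call

# Assumed schedule (not listed on the page): the passes commonly attributed
# to DoD 5220.22-M are zeros, ones, then random data. None means random.
PASSES = (b"\x00", b"\xff", None)


def write_pass(f, size, fill):
    """Overwrite bytes [0, size) and return the SHA-256 of the data written."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if fill is None else fill * n
        f.write(block)
        digest.update(block)
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # force this pass out before the next one starts
    return digest.hexdigest()


def read_digest(f, size):
    """Hash the target as read back (logical contents, possibly from cache)."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        block = f.read(min(CHUNK, remaining))
        if not block:
            break  # short read: digests will differ and the pass fails
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()


def overwrite_and_verify(path, passes=PASSES):
    """Overwrite a regular file in place; return [(pass_number, verified), ...]."""
    results = []
    with open(path, "r+b") as f:
        size = os.fstat(f.fileno()).st_size
        for number, fill in enumerate(passes, 1):
            expected = write_pass(f, size, fill)
            results.append((number, read_digest(f, size) == expected))
    return results
```

On flash memory and SSDs, wear leveling can leave earlier copies in blocks that a logical overwrite never touches, so a verified pass here confirms only the logical contents.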

Type of Media

• Optical Discs (CD/DVD)

• Hard Disc Drives (HDD)

• Magnetic Tape

• Floppy Discs

• Flash Memory

• Paper

• Microform

• Handheld devices

• Networking devices – routers etc.

• Equipment – fax & copy machines

Degaussing

Degaussing is the process of decreasing or eliminating a remnant magnetic field. Due to magnetic hysteresis it is generally not possible to reduce a magnetic field completely to zero, so degaussing typically induces a very small "known" field referred to as bias.

Degaussing was originally applied to reduce ships' magnetic signatures during WWII.

Degaussing is also used to reduce magnetic fields in CRT monitors and to destroy the data on magnetic media.

NIST 800-88 Outlines Which Data Destruction & Erasure Options are Best for You

NIST – National Institute of Standards and Technology

Guidelines for Media Sanitization

Disposal – Clearing – Purging – Destroying

State E-Waste Guidelines

• 19 States already have E-Waste Legislation

• All states will have in 2 – 3 years.

• Makes it illegal to dump E-Waste in landfills

• Puts a carbon tax on manufacturers

Cost of Improper Destruction

Dec 2010 – NASA sells shuttle PCs without wiping secret data – 10 PCs sold that contained highly sensitive data restricted under the arms control rules.

The employees of a physician disposed of medical records inappropriately by placing them into office recycling bins.  Although the contents of the recycling bins were supposed to be shredded, these instructions were not communicated to the building’s janitorial services.  As a result, the files were transferred to the building’s recycling area without being shredded.  Case settled for $85,000.

Lawsuits abound

The drugstore chain CVS is being sued by the Texas Attorney General for failure to properly dispose of customer records including credit card and debit card numbers, driver's license numbers and medical prescription forms with name, address, date of birth, issuing physician and the types of medication.

It is a violation of several Texas laws and carries potential penalties of $50,000 per violation and/or $500 per abandoned record.

Disposition Decision Making

Take Destruction Seriously

There are laws governing the protection of PII (Personally Identifiable Information).

Identity theft: The United States Department of Justice states that in 2010, 7% of all United States households had at least one member of the family at or over the age of 12 who had been a victim of some sort of identity theft. The odds are against you.

Questions?

Donna Read, CRM, [email protected]

Earl Rich, [email protected]

Chris [email protected]