Destruction Is A Process Not A Particle
Does particle size matter in the whole destruction scheme of things? Yes.
There seems to be some level of confusion when concerning a particle.
What needs to be understood in regards to a particle is that a particle is nothing more than one aspect of the destruction process. Data destruction requires several steps that must be followed to destroy sensitive material properly.
Depending on the data that is being destroyed (paper documents or electronic information) there are specific steps and procedures that must be implemented when destroying data and information appropriately.
For many individuals, the term “record destruction” evokes an image of a shredding machine along with black garbage bags, which then is taken outside to be removed by garbage trucks.
This is a very poor understanding of the definition of record destruction and for many people, even those in the industry, believe this to be the overall process in regards to record destruction. However, this is by no means the reality of the destruction of data.
The process involved in data destruction involves several steps which are all meant to guarantee that the sensitive information that is being collected for disposal does not fall in the hands of unauthorized individuals who would want this bit of information.
The process of data destruction goes as followed:
- The collection of the data
- The staging
- The transfer of custody
- The acceptance of fiduciary responsibility (in which all parties and agreements come to the conclusion that the material which is being destroyed is sensitive and confidential)
- The transport
- The processing (the destruction)
- The disposal of destroyed materials
This process should be fundamentally part of an organization’s process. Some bullet points that apply to organizations:
- Employee screening
- Employee monitoring
- Access control
- Employee training
- Policies and procedures
- Audit trails
As you can see there are a considerable amount of steps and procedures involved in the whole data destruction process. The notion that data destruction is merely shredding documents or throwing away electronic information is a very "dangerous" understanding of the term.
The security that is involved in the destruction process has become a major inclusion in the regulation for many destruction data services. This is due in part to the modifications that have been made to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The Modification Of HIPAA
The modified security regulations have been incorporated into the whole data destruction process, which is why the relevancy of data destruction as a service has seen a massive increase in demand.
Furthermore, these regulations look for a “process” perspective from major data protection regulations in the US including a requirement that must identify the data destruction “process.”
It should be stated that these regulations do not refer to a specific particle or shred size. These regulations focus solely on the process of the data destruction and not so much on the size.
Choosing The Right Partner
When hiring a firm that destroys records and data, every customer has the right to determine the particle size that best protects them. However, it would prove most beneficial to remember that the particle size is not the most important thing to consider in regards to your data destruction.
Why - because many data destruction services can offer any particle size that their client may want. However, and this is very important to keep in mind, there are some data destruction services that grossly underperform in the data destruction process. This, in turn, leads to less security - and security, is of the utmost importance when concerning data destruction.
As we have mentioned above, several steps are involved in the whole data destruction process, and all of these steps are meant to add more security. In truth, the particle size only becomes relevant after all the security aspects of the destruction process have been fully addressed.
Outsourcing Can Be A More Secure Process
When data that is no longer desired is destroyed at the office or nearby the company’s building - the chances of any unauthorized individuals getting there hands on the shredded documents, or thrown away data, is that much accessible.
There is a saying among those who look and forage through dumpsters in search for personal and competitive information - the saying goes as such, “When you’re looking for information, take the shredded stuff.” Shredding documents and placing them out for the garbage pickup is one of the most reckless methods to which one can destroy their data.
Identity theft doesn’t look like the stock photo images of ski masked villains carrying your laptop away while it’s still plugged in. It’s malicious downloads, unauthorized USB devices, misplaced devices, and incorrectly disposed of computers, tablets, and cell phones. This is why we made Clarabyte’s suite of tools: to remove data before the device is unplugged.
It’s also for this reason that commercial destruction services have become very popular and the demands over the years has risen; especially in regard to electronic data destruction.
With an improved process, and a technology partner like Clarabyte to help bring peace of mind, your confidential information will stay confidential. The information that you hand over will undergo the destruction process to a reasonable extent which all falls in line with the regulations - and those services which fail to comply with the new regulation must pay a hefty fine.
With there now being a much higher demand for data destruction - coupled with a few new regulations that HIPAA has now enforced many businesses and entities to follow - the level of security surrounding data destruction has significantly improved.
Technology is constantly evolving. Encryption is great, until it isn’t any longer. It’s one of the risk mitigation technologies that any firm can integrate, and they should. It is a risk mitigation strategy to retire IT assets encrypted, and a risk removal strategy to utilize ClaraWipe.
Data destruction regulations will continue to evolve, and cyber programs over the globe will adopt technology partners to best protect them. Continuing to adopt new technology to protect your company’s data is imperative, and it’s why cybersecurity is red hot as an industry. At a certain point in a data’s life cycle, the data creates more of a liability than it provides value. That’s why we created Clarabyte, to remove the risk, not play defense. The potential risk, and the cost of a breach pale in comparison to the simple, user friendly tool that we’ve created. It’s why we’ve been successful, and continue to help clients over the globe.