Can secure document shredding be used for compliance?
Can secure document shredding be used for compliance? How can shredding be done if data is stored on WORM storage?
Secure document disposal is particularly important in some compliance environments -- those that require complete erasure of sensitive or private data -- either at the end of the document retention period or before used data-storage media can be re-used, removed or scrapped. Example requirements include consumer privacy laws -- particularly in Europe -- and the document security requirements defined by the US Department of Defense (DoD-5015.2 Standard).
By physically or metaphorically "shredding" the stored copies of a document we can ensure that no one can read or reconstruct the contents of a deleted document after disposal even if the drives and recording media are discarded, lost or sold on eBay.
Simply erasing a computer file -- by deleting its directory entry -- is comparable to throwing a paper document in the trash bin. Such simple disposal methods might allow an unauthorized person to retrieve the paper from the bin or recover the computer file from the storage media. To prevent reading of discarded paper documents, many organizations will run those documents through a shredder -- trusting that the resulting barrel of confetti will make physical reconstruction of any one document impractical. (If you're really paranoid, you can burn the confetti.)
We can extend the "shredding" metaphor to stored electronic documents. In addition to deleting the directory entry for a file, computer systems can overwrite the sectors that contained data for that file. For highly secure applications, specialized software can eliminate residual traces of old data by writing over the same tracks many times with different data patterns. (If you're really paranoid, repeat that at different temperatures to eliminate off-track remnants of old data. Or, just crush the media and slag the scraps.)
The overwrite method has some drawbacks. The multiple overwrite passes consume time and I/O bandwidth, degrading overall system performance. And the overwrite approach does not work for write-once media.
If data is stored on write-once, read-many (WORM) storage as a data integrity safeguard -- e.g., for broker-dealer records required under SEC Rule 17a-4 -- there are other ways to ensure that the information is effectively destroyed when that is required.
One obvious method is to physically destroy the media. (See "really paranoid" comments above.)
Another approach is logical shredding of the information content: encrypt the data when it is stored, and then throw away the decryption key when the data is "deleted." Without the appropriate key, the encrypted data is rendered meaningless, and the deleted document cannot be recovered. Of course, this approach requires good execution: strong encryption and authentication, and secure key management.
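The logical-shredding approach just described, as an added Go example that is not part of the original column: each record is encrypted under its own AES-256-GCM key (so it is also authenticated), the ciphertext goes to a stand-in for write-once media, the key goes to a separate erasable key store, and "deleting" the record means destroying only the key. The names worm, keys, Store, Read and Shred are assumptions of this example, not part of any real product.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

var worm = map[string][]byte{} // stands in for write-once media: a record is never changed or removed
var keys = map[string][]byte{} // per-document keys on erasable media; the only thing shredding touches
var ErrShredded = errors.New("document shredded: decryption key destroyed")

// gcmFor builds an AES-256-GCM AEAD for a 32-byte key.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // cannot fail: keys here are always 32 bytes
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: AES's block size is valid for GCM
	return aead
}

// Store encrypts doc under a fresh key with AES-GCM (authenticated), id bound as associated data.
func Store(id string, doc []byte) error {
	buf := make([]byte, 32+12) // fresh AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	key, nonce := buf[:32], buf[32:]
	worm[id] = gcmFor(key).Seal(nonce, nonce, doc, []byte(id)) // nonce||ciphertext||tag
	keys[id] = key
	return nil
}

// Read fails with ErrShredded once the key is gone, although the ciphertext still sits on the WORM store.
func Read(id string) ([]byte, error) {
	key, ok := keys[id]
	if !ok {
		return nil, ErrShredded
	}
	ct := worm[id]
	return gcmFor(key).Open(nil, ct[:12], ct[12:], []byte(id))
}

// Shred is the logical shredding step: overwrite the key bytes and drop the key; WORM media is untouched.
func Shred(id string) {
	copy(keys[id], make([]byte, 32)) // no-op if the key is already gone
	delete(keys, id)
}
```

The key store is now the weak point: any backup, escrow copy or swapped-out memory page holding a key must be covered by the same destruction policy, or the "shredded" ciphertext on the WORM media can still be read.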
This was first published in December 2003