Feature

Data destruction: When data should disappear

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: Learning data retention lessons from Warner Bros.."

Download it now to read this article plus other related content.

Most companies don't have a detailed policy that governs what data they need to keep and what data should be destroyed.


Once a year, the Winter Hill Bank in Somerville, MA, gets rid of everything--hundreds of boxes of paper, backup tapes and even plastic binders, according to Bill DiTucci, facilities manager at the bank. "The truck comes and in a couple of hours it's all destroyed right there in front of us," he says.

Like many other financial institutions around the world, Winter Hill Bank isn't taking any chances when it comes to protecting customer information. With a data destruction policy in place, DiTucci says the bank is less exposed to criminal and civil prosecution, as well as the costly loss of business that comes from newspaper headlines should sensitive customer data end up in the wrong hands.

Winter Hill Bank uses The Brinks Company, a document and media destruction firm that operates a fleet of mobile shredding trucks across the U.S. On a scheduled basis, these vehicles roll up to a customer site and pulverize mountains of paper or backup media, depending on the company's requirements, in exchange for a certificate of destruction confirming the job was done according to guidelines from the National Institute of Standards and Technology. "We destroy in 15 minutes what would take you days and days to shred," boasts The Brinks Company on its Web site.

For other organizations, however, especially those with open litigation

Requires Free Membership to View

cases, data destruction is a tightly controlled process, most often dictated by the policies established by the company's legal department. For example, Harold Shapiro, director and technology architect, management information services at Warner Bros. Entertainment Inc., says he's required to hold on to some tapes forever.

Another company, Data Killers, a division of Turtle Wings Inc., an electronics recycling center in Capitol Heights, MD, operates a 6,600 lb., four-shaft shredder that can shred approximately 1,000 lbs. of metal and plastic per hour. The shredding process not only cuts and shreds metal but, by forcing it through cutters and screens, compresses and compacts it, rendering it completely unrecoverable, claims the company.

The College of Southern Maryland, La Plata, MD, put this process to the test recently to dispose of 1,200 backup tapes it found while renovating a building on campus. "[The tapes] were put on a top shelf and nobody knew they were there," says Peggy Jones, business manager for the information management team at the college. The college had migrated to a new backup application and the old tapes were unreadable in the new system. In a little more than an hour at the Data Killers' facility, the tapes were pulverized into a substance that looked like "confetti" says Jones, adding that they had no idea what was on the tapes "and you can never be too careful these days." The college is in the process of creating a destruction policy so it doesn't face the same backlog of tapes in the future.

But even shredding doesn't always do the job, says Brett Shavers, president of E3 Discovery LLC, Bellevue, WA, and a computer forensics examiner. He's recovered data from drives that seem completely beyond repair. "It's possible to read useful data off a platter that has been cut into chunks that are only 1/25th of an inch," he claims. A more common issue, he notes, is firms "wiping" drives and then donating/selling them and the data still showing up. "People's healthcare records have turned up in the oddest places," he says.

This was first published in August 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: