Data_Destruction - Florida Gulf Coast ARMA Chapter

Download Report

Transcript Data_Destruction - Florida Gulf Coast ARMA Chapter

Florida Gulf
Coast ARMA
Chapter
Donna Read
Chris Parker
Data
Destruction
Is it really gone?
April 2013
Life Cycle of a Record
 Creation
 Use
or receipt
and maintenance
 Disposition
= perm retention or………
DESTRUCTION
Definition of Destruction
What is in a hard drive?






Lead
Brominated Flame Retardants
Barium
Mercury
Beryllium
Cadmium
Dept. of Defense 5220.22-M
Definition:
DoD 5220.22-M is a
software based data sanitization
method used in various data
destruction programs to overwrite
existing information on a hard
drive or other storage device.
Type of Media










Optical Discs CD/DVD
Hard Disc Drives HDD
Magnetic Tape
Floppy Discs
Flash Memory
Paper
Microform
Hand held devices
Networking devices – routers etc.
Equipment – fax & copy machines
Degaussing

Degaussing is the process of decreasing or
eliminating a remnant magnetic field. Due to
magnetic hysteresis it is generally not possible to
reduce a magnetic field completely to zero, so
degaussing typically induces a very small "known"
field referred to as bias.

Degaussing was originally applied to reduce ships'
magnetic signatures during WWII.

Degaussing is also used to reduce magnetic fields
in CRT monitors and to destroy the data on
magnetic media.
NIST 800-88 Outlines Which Data
Destruction & Erasure Options are Best
for You
 NIST
– National Institute of Standards and
Technology
 Guidelines
for Media Sanitization
Disposal – Clearing – Purging – Destroying
State E-Waste Guidelines
• 19 States already have EWaste Legislation
• All states will have in 2 – 3
years.
• Makes it illegal to dump EWaste in landfills
• Puts a carbon tax on
manufacturers
Cost of Improper Destruction

Dec 2010 – NASA sells shuttle PCs without wiping
secret data – 10 PCs sold that contained highly
sensitive data restricted under the arms control rules.

The employees of a physician disposed of medical
records inappropriately by placing them into office
recycling bins. Although the contents of the
recycling bins were supposed to be shredded, these
instructions were not communicated to the
building’s janitorial services. As a result, the files were
transferred to the building’s recycling area without
being shredded. Case settled for $85,000.
Law suits abound

The drugstore chain CVS is being sued by the
Texas Attorney General for failure to properly
dispose of customer records including credit
card and debit card numbers, drivers license
numbers and medical prescription forms with
name, address, date of birth, issuing physician
and the types of medication.

It is a violation of several Texas laws and
carries potential penalties of $50,000 per
violation and/or $500 per abandoned record.
Disposition Decision Making
Take Destruction Seriously
 There
are laws governing the protection
of PII (Personally Identifiable Information)
 Identify
theft: The United States Department of
Justice states that in 2010, 7% of all United States
households had at least one member of the family
at or over the age of 12 who has been a victim of
some sort of identity theft. The odds are against
you.
Questions?
 Donna
Read, CRM, CDIA+
[email protected]
 Earl
Rich, CRM
[email protected]
 Chris
Parker
[email protected]