An up-to-date data retention policy is an essential part of any data security program. Not only is your policy your guide to understanding how long your organization should be archiving its data, but it’s also critical for establishing the best way to dispose of that data when it’s no longer required.

Once any operational, compliance, and legal requirements have been met, there’s a large downside to holding onto your data for any longer than is strictly necessary. Common drawbacks include:

• The need for dedicated storage space for hard drives pulled from IT equipment  
• Higher data management costs and loss of residual value by letting assets collect dust
• The creation of a security risk in the form of a potential data breach or physical theft

It’s therefore well worth reviewing your data retention policy to ensure it’s still meeting your company’s needs with regard to when – and how – you dispose of your data.

Many of the data retention policies in force today have been in place for a very long time. While it’s not uncommon for these policies to be based on zero risk tolerance, for many organizations, ensuring their data is safely destroyed continues to mean only one thing: the physical destruction of unwanted data through hard drive crushing or shredding.

Data security programs that haven’t been updated in a while don’t always account for new technology solutions that guarantee hard drive data wiping or erasure is now equally effective to hard drive shredding when it comes to achieving zero risk.

With that in mind, modernizing your data retention policy should include:

• Learning about updated data wiping standards
• Revisiting older or out of date policies that haven’t been revised in keeping with modern advances in data disposal
• Understanding why these methods and standards are secure enough for your business

The reality is that modern hard drive wiping software solutions, and the security and auditability standards that govern them, have caught up with today’s data security requirements – and are more than sufficient to provide zero risk to your organization.

Download a PDF version of Data Security Programs That Make Sense

• Name*
• Email Address*
• Phone Number*
• Company Name
• City*
• By checking this box, you consent to receive further marketing communications from Quantum Lifecycle.*
  • By checking this box, you consent to receive further marketing communications from Quantum Lifecycle.
• Phone
  This field is for validation purposes and should be left unchanged.

Although the DoD (Department of Defense) 5220.22-M data wiping standard method was once common in data retention policies, it’s widely considered to be out of date.

Instead, data disposal procedures governed by the NIST (National Institute of Standards and Technology) SP 800-88 standard – the most current standard available – are followed by many health and government organizations.

Advanced data erasure software from companies like Blancco is specifically designed to accomplish data wiping up to the level established by the SP 800-88 standard.

Through multiple-wipe protocols that accommodate various types of hard drives and IT equipment, these solutions:

• Achieve secure and permanent data erasure through random overwrite methods that accommodate both older magnetic hard drives and newer solid state drives (SSDs)
• Confirm your data is fully wiped and unrecoverable with an audit-proof report
• Provide a verifiable Certificate of Destruction

Reputable electronics recycling specialists not only make a point of providing data wiping services integrated with the most up-to-date security standards, they maintain verifiable cyber liability policies and industry-compliant certifications.

Having established that data erasure is equally secure to hard drive destruction, the question remains: why make the switch?

According to security experts like Blancco, data retention policies call for permanent, end-of-life data erasure because not only does deliberately removing data from a memory device with an approved solution leave no usable, residual data, it ensures that – even with the assistance of advanced forensic tools – that data will never be recovered. 

At the same time, data wiping should be your disposal method of choice for several additional reasons: sustainability, convenience, and value maximization.

Sustainability

Since it’s no longer necessary to shred a working piece of technology to feel confident that any data it contains has been properly destroyed, there’s an enormous environmental upside to securely wiping your hard drives or performing factory resets on smartphones and network equipment. Because securely wiped data drives and devices can be reused, they both keep shredded components out of local landfills and reduce the need to manufacture new products. 

Convenience

Advanced data erasure techniques also do away with the need to invest time, effort, and expense into:

• Removing the hard drives from individual pieces of IT equipment
• Tracking their whereabouts while they’re transferred or stored, and
• Pre-wiping your drives as an internal security measure before paying a 3rd-party service provider to wipe them again

Value Maximization

Not only is sending your equipment intact to a data erasure specialist less labour and cost-intensive for your internal IT resources, you stand to maximize your IT budget – and your return – from a value recovery perspective.

Consider, for example, the fact that a working hard drive holds significantly more value than one that’s been shredded. While you can re-sell and recoup some financial value from a drive that’s been wiped, the same can’t be said for one that’s been physically destroyed.

At the same time, empty IT assets that have had their hard drives removed are worth significantly less from a resale point of view – a difference in value that can’t be recouped from any governmental recycling incentives.

Not only do modern software solutions accommodate the erasure of hard drive data on intact equipment, the value that equipment retains as a result can be captured by asset reuse specialists and shared with their clients.

Adopting a data security program that makes sense requires an open mind and a willingness to explore current options. Given the speed with which many new technologies develop, it’s easy for company policies to grow old and stale before they come up for review.

If you haven’t thought about your data retention policy in a while, it’s probably worth taking the time to revisit it with the intention of bringing your data disposal guidelines up to date.

Standards in protection technology have caught up with professional data security needs to the point where – so long as you choose a service provider who’s certified, compliant, and transparent – you can have peace of mind knowing your company’s data will be permanently erased.

Electing the option of data erasure over physical hard drive destruction won’t just fully meet your zero risk tolerance policy requirements but also help you recover extra value from a more sustainable e-waste solution.