Florida Gulf Coast ARMA Chapter Data Destruction Donna Read Chris Parker Is it really gone? April 2013
Life Cycle of a Record • Creation or receipt • Use and maintenance • Disposition = perm retention or………DESTRUCTION
What is in a hard drive? • Lead • Brominated Flame Retardants • Barium • Mercury • Beryllium • Cadmium
Dept. of Defense 5220.22-M • Definition: DoD 5220.22-M is a software based data sanitization method used in various data destruction programs to overwrite existing information on a hard drive or other storage device.
Type of Media • Optical Discs CD/DVD • Hard Disc Drives HDD • Magnetic Tape • Floppy Discs • Flash Memory • Paper • Microform • Hand held devices • Networking devices – routers etc. • Equipment – fax & copy machines
Degaussing • Degaussing is the process of decreasing or eliminating a remnant magnetic field. Due to magnetic hysteresis it is generally not possible to reduce a magnetic field completely to zero, so degaussing typically induces a very small "known" field referred to as bias. • Degaussing was originally applied to reduce ships' magnetic signatures during WWII. • Degaussing is also used to reduce magnetic fields in CRT monitors and to destroy the data on magnetic media.
NIST 800-88 Outlines Which Data Destruction & Erasure Options are Best for You • NIST – National Institute of Standards and Technology • Guidelines for Media SanitizationDisposal – Clearing – Purging – Destroying
State E-Waste Guidelines • 19 States already have E-Waste Legislation • All states will have in 2 – 3 years. • Makes it illegal to dump E-Waste in landfills • Puts a carbon tax on manufacturers
Cost of Improper Destruction • Dec 2010 – NASA sells shuttle PCs without wiping secret data – 10 PCs sold that contained highly sensitive data restricted under the arms control rules. • The employees of a physician disposed of medical records inappropriately by placing them into office recycling bins. Although the contents of the recycling bins were supposed to be shredded, these instructions were not communicated to the building’s janitorial services. As a result, the files were transferred to the building’s recycling area without being shredded. Case settled for $85,000.
Law suits abound • The drugstore chain CVS is being sued by the Texas Attorney General for failure to properly dispose of customer records including credit card and debit card numbers, drivers license numbers and medical prescription forms with name, address, date of birth, issuing physician and the types of medication. • It is a violation of several Texas laws and carries potential penalties of $50,000 per violation and/or $500 per abandoned record.
Take Destruction Seriously • There are laws governing the protection of PII (Personally Identifiable Information) • Identify theft: The United States Department of Justice states that in 2010, 7% of all United States households had at least one member of the family at or over the age of 12 who has been a victim of some sort of identity theft. The odds are against you.
Questions? • Donna Read, CRM, CDIAemail@example.com • Earl Rich, CRMearl.firstname.lastname@example.org • Chris Parkercparker@ssbrm.com