Data Erasure & Sanitization
Data Security is Critical
Nearly every industry collects and stores customer and client data for documentation or driving the consumer experience. This sensitive and confidential data is stored on devices, hard drives, and servers over the life cycle of the equipment. When equipment becomes outdated, obsolete, or at the end-of-life cycle, proper measures have to be taken for data erasure in order to remove and destroy the data.
Given the sensitivity of the data, data erasure and data sanitization allow companies to mitigate risk of exposure or leakage, while reducing data breaches and achieving compliance. Data protection laws are in place to secure devices and equipment; failure to comply with these regulations and requirements can mean serious business penalties or litigation, making a long-term impact on the business and customers.
Privacy and security are a top priority for companies. Companies spend millions of dollars securing active devices or equipment, and the same rigor should be put in place for those same devices and equipment that are at the end of their life cycle. Data erasure and sanitization permanently removes and destroys all traces of data stored on devices. Proper technique is important to assure that all data has been cleared .
Understanding Compliance and Regulations
There are many federal and state laws and regulations that require companies to follow certain processes and procedures for compliance. GCI is an expert in data compliance, including HIPAA, HiTech, PCI, Gramm-Leach-Bliley Act and NIST SP 800-88. We manage the process from start to finish to not only meet compliance standards, but also provide our clients with the peace of mind and assurance to reduce the risk of data breaches.
Methods of Data Erasure and Sanitization
Strict methods of data erasure are pertinent in many industries where confidential information is stored within equipment and devices. The National Institute of Standards and Technology (NIST) states there are three types of data erasure:
Overwriting – this method of data sanitization
uses a software to replace sensitive data with 0s or 1s or non-sensitive data.
Block Erase – this method works with certain
types of data or storage media. It erases or purges flash memory-based block.
Cryptographic Erase – this method of erasure is
used on devices that have a built-in data encryption feature or features.
Methods That Do NOT Achieve Data Sanitization
There are processes that do not meet the standards of Data Sanitization and Erasure. Data deletion, reformatting, data wiping, file shredding, data destruction (without verification), and factory resets are incomplete methods that do not meet the state and federal requirements. Highly regulated industries need to avoid these methods, because of the risk; these methods have not been proven to remove data permanently.
The GCI Data Erasure and Sanitization Process
Collected data must be handled on and off network. Even when an IT asset is removed from the company network, the data is not protected by the network firewall. This allows the security to be at a higher risk.
To protect client data, GCI performs proven processes to protect data-bearing devices during the IT asset disposition process. All data erasure is completed in strict adherence with NIST SP 800-88 standards at our R2/RIOS certified facility. Our data-erasure lab uses advanced technology equipment and processes to ensure that all data is properly sanitized and erased to the most stringent standards. For added measure and the highest level of quality, all asset types are separated and erased according to their unique requirements. Once erased, GCI audits for successful erasure. If a device is non-functional or cannot be successfully sanitized, it will be degaussed and then destroyed to prevent any data exposure. The data overwrite process is audited on a daily basis to ensure compliance and quality, and certificates of erasure and destruction are issued for permanent records. We understand that this process can be time-consuming, which is why we will do the work for you.
We also offer on-site data erasure for the highest level of security. Our services can be performed in our lab or on-site at the customer location, providing the most comprehensive data security to our customers.
Choosing What is Right for You
Deciding what is the best process for your company can be difficult. GCI is happy to walk through the process with you to determine the best, cost-effective solution that is tailored to your needs.