The Case for Data Destruction (and Why Data Retention Mandates Would Make it Impossible)

by on February 25, 2009 · 6 comments

Over at Computerworld, Ben Rothke makes the case for “Why Information Must Be Destroyed.”  “Given the vast amount of paper and digital media that amasses over time,” he argues, “effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort and heartache, legal costs as well as embarrassment and more.”  He continues:

Every organization has data that needs to be destroyed. Besides taxes, what unites every business is that they possess highly sensitive information that should not be seen by unauthorized persons.  While some documents can be destroyed minutes after printing, regulations may require others to be archived from a few years to permanently.  But between these two ends of the scale, your organization can potentially have a large volume of hard copy data occupying space as a liability, both from a legal and information security perspective.  Depending on how long you’ve been in business, the number of physical sites and the number of people you employ, it’s possible to have hundreds of thousands, if not millions, of pages of hard copy stored throughout your company — much of which is confidential data that can be destroyed.

He’s no doubt correct that it makes good business sense to routinely purge data — both physical and digital — to guard against theft, misplacement, leaks, abuse, or whatever else.  Of course, in the context of digital information, there are many folks who would like to see digital records purged more frequently to avoid growing concerns about online privacy.  I think most of those concerns are over-stated, but it can’t hurt to destroy most collected information after a certain period to play it safe and keep customers happy.

Problem is, as we discussed here last week, if some lawmakers in Washington get their way, it might be illegal to do that!  Quite obviously, data retention mandates are at odds with data destruction efforts.  [Mitch Wagner has more coverage of the data retention debate over at Information Week and he quotes my PFF colleague Sid Rosenzweig.]

  • magicnike

    Warmly welcome visit our website http://www.magicnike.com
    ,We supply different shoes : shoes
    , Nike shoes , Jordan shoes , Adidas shoes , Puma shoes , Air max , Air force, Gucci shoes , D&G shoes , Prada shoes , Dunk , LV shoes , Lacoste shoes , Ugg shoes , Hogan shoes and so on. , Sportswear (NBA) , T-shirts (NIKE , PUMA , POLO , LACOSTE) , Jeans ( EVISU , BAPE , BBC ) , Handbags (LV , GUCCI , PRADA,FENDE ). Our company have many advantages: high quality,competitive price,punctual delivery, reliability,high reputation, the products sell to the worldwide,feel free choose your likes from our website.

  • onsalecc
  • http://www.business-supply.com Brad

    Appropriate data management (paper and electronic data) is an absolute must in this day and age. Having worked corporate security for a fortune 500 company for a number of years, I can tell you from firsthand experience that confidential data loss is a significant issue. There are companies in the marketplace today that are paid vast sums of money to gather as much info as possible on a specific target company. The methods used for this activity are devious and effective. Many small companies incorrectly take the “we're too small to be a target” approach and have very loose data management policies. While this may be the case in some situations, it pays to take a pro-active approach to data management from both a security and deletion perspective.

  • http://www.business-supply.com Brad

    Appropriate data management (paper and electronic data) is an absolute must in this day and age. Having worked corporate security for a fortune 500 company for a number of years, I can tell you from firsthand experience that confidential data loss is a significant issue. There are companies in the marketplace today that are paid vast sums of money to gather as much info as possible on a specific target company. The methods used for this activity are devious and effective. Many small companies incorrectly take the “we're too small to be a target” approach and have very loose data management policies. While this may be the case in some situations, it pays to take a pro-active approach to data management from both a security and deletion perspective.

  • http://www.business-supply.com Brad

    Appropriate data management (paper and electronic data) is an absolute must in this day and age. Having worked corporate security for a fortune 500 company for a number of years, I can tell you from firsthand experience that confidential data loss is a significant issue. There are companies in the marketplace today that are paid vast sums of money to gather as much info as possible on a specific target company. The methods used for this activity are devious and effective. Many small companies incorrectly take the “we're too small to be a target” approach and have very loose data management policies. While this may be the case in some situations, it pays to take a pro-active approach to data management from both a security and deletion perspective.

  • Pingback: devenir rentier

Previous post:

Next post: