To Stay Compliant, Media Destruction is a Must
Personally Identifiable Information (PII) and Protected Health Information (PHI) stored on any type of media, whether paper or electronic, is protected by law. The law requires any person or organization that generates that information to protect it during its lifecycle and destroy it at the end of that lifecycle. Laws that govern the control of private information include:
- The Health Insurance Portability and Accountability Act (HIPAA), created to protect patients’ medical records and PHI.
- The Fair and Accurate Credit Transactions Act (FACTA), instituted to fight identity theft and hold persons and organizations accountable for negligence or misuse of private and personal information.
- The Gramm-Leach-Bliley Act (GLBA), enacted to govern and protect the information that financial institutions save and share.
Myths about Media Destruction
1. When you say media, you mean hard drives, right?
Yes. Magnetic, rotational, and solid-state drives are considered electronic media and are usually referred to as “hard drives.” But we also mean:
- Backup tapes
- USB drives
- CDs, DVDs, and Blu-rays
- Microfilm and microfiche
- Fax machines
- Mobile phones
2. I can just store our obsolete media until I figure out a way to destroy it.
Leaving media sitting around is considered non-compliant with data privacy laws such as those listed above. Any media that has personal information still stored on it is at risk of being lost, accidentally discarded, or stolen. Any information on the media that is governed by privacy laws also has required retention and final disposition dates. Ignoring these puts you at risk of non-compliance.
3. Erasing media before discarding it is sufficient.
Erasing the files on your media doesn’t actually remove the information; it only marks those sectors of the drive as available for overwriting. Any thief can retrieve that data with a little know-how.
The best way to be completely sure that all information can never be retrieved is by having it professionally destroyed by a qualified shredding and destruction company in compliance with all state and federal data privacy laws.
4. Selling or giving away our obsolete media is a good way to dispose of it.
Unfortunately not. Remember that any personal information that remains on that media will always be your responsibility. Once you have sold or given away that media, the information stored on it is no longer protected—you have no control over its use or distribution—which immediately makes you non-compliant.
5. An electronics recycling company can take our media and destroy it.
Recyclers are not legally obligated to protect your media, and will likely leave it in an unsecured pile until they are ready to salvage or recycle any of it. In the meantime, it can easily be stolen by thieves who are well aware of the gold mine these devices can hold.
Professional, NAID AAA Certified shredding companies will protect your information, where a salvager will not.
6. If I leave our media in the recycling bin it will be destroyed and recycled.
Tennessee recycling laws do not permit media to be disposed of in recycling bins. And even if it were allowed, the minute you leave media in the recycling bin, it’s vulnerable to theft by anyone from a passer-by to a recycling plant worker, and everyone in between.
7. I can just destroy our media myself.
You can attempt to destroy your media, but this comes with risks, including:
- The risk of injury and the associated costs, including insurance costs and claims. Electronic media is robustly built, hard to destroy, and contains toxic elements.
- Consider the time you spend destroying your electronic media. How much is your time worth?
- Can you be 100% sure that the information on your media will be damaged enough to make it unretrievable?
- You will not have a Certificate of Destruction to prove your compliance with state and federal data privacy laws. When the auditor comes knocking, you’ll be glad you have those Certificates.
- Whatever method of destruction you choose, you are also responsible for disposing of your media in a legal and environmentally safe manner.
What is my best choice for discarding media?
Rather than illegally storing it, erasing it, or attempting to destroy it yourself, partner with a locally-owned, NAID AAA Certified shredding company and sleep better at night.
ShredPro Secure is NAID AAA Certified and locally owned and operated, and we believe in protecting our precious resources. We provide businesses in East Tennessee and Southwest Virginia with secure, compliant media destruction services, including a Certificate of Destruction upon request after each service. Call and talk to our friendly experts at 865-986-5444 or complete the form on this page. We look forward to serving you!