Disposal of Confidential Electronic Information
Confidential electronic information can be stored in photo copiers, multi-function output devices, tablets, laptops, desktop workstations, and a wide array of electronic devices and media. In some instances, it may not be readily apparent to the user that confidential information is there. Consider the steps that you and your company have taken to make sure that confidential electronic information is identified and removed from equipment, workstations, and information systems before they are decommissioned, removed from your home or facility, or permanent retired (disposed).
Why is focus placed on proper disposal?
An unauthorized user may access and/or share confidential electronic information or devices where this data is stored once it’s removed from your possession. Company policies and personal diligence should be exercised and strictly enforced.
What can be done to safeguard against improper disposal?
- Remove media from devices before permanent disposal, donation, or transfer of ownership
- Use an approved “degaussing” utility to ensure any remaining data is unreadable
- Consider physical destruction of the media
Remember, simply using the “delete” function to erase data does not mean that it is permanently removed from the media. Opportunities exist for an unauthorized user to directly read the information on that media, even if they do not have a login to the installed operating systems.
We’ve also talked about encrypting data on media. Encrypting data on media will also help prevent the unauthorized access of data on that media, should it be lost, stolen, or placed in the wrong hands.