Sanjeev Dahiwadkar
20 Aug 2021

Secure data disposal a must to navigate data privacy regulations

Cyberattacks are on a rise. Many high-profile data breaches involving companies like Microsoft, Zoom, Cognizant, Twitter, Whisper, MGM Resorts, and many more took place in the last one and half years. Data breaches, data leaks, and data exposure are the result of the data revolution that has happened in present times. From storing personal pictures on a mobile phone to sending the resume by mail to a prospective employer, we all deal with a humongous amount of data in our daily lives. This creates its own set of challenges. Unwanted data not disposed properly can not only compromise the privacy of an individual but can also potentially expose an enterprise to manipulation & business loss if falls into the wrong hands. Therefore, data disposal is a must to protect sensitive information. However, mere deletion of data is not disposal. Though data appears to be removed, it is actually hidden and recoverable from the storage device with data recovery tools as well as with little knowledge about how data is stored. Therefore, permanent removal of data from the device with no shred of possibility to recover it on a later date or data destruction in industry parlance is the need of the hour. Just a shredder is a must for shredding confidential papers, electronic shredder is a must for wiping unwanted confidential data files.

Regulatory landscape:

Data destruction is no longer a convenience, multiple regulators across the globe are making this a mandate according to the privacy laws. The Federal Trade Commission (FTC) of the United States of America requires any business or individual that uses a consumer report for business purposes must dispose of that data under strict guidelines. For instance, paper records must be burned, pulverized, or shredded; while electronic files must be erased or destroyed so the consumer data can’t be read nor reconstructed.

FTC mandates that any business or individual who uses a consumer report for a business purpose has to comply with the disposal rule. The rule requires proper disposal of information in consumer reports and records to protect against unauthorized access or use of that information. This Disposal Rule applies to consumer reporting companies, lenders, insurers, employers, landlords, government agencies, mortgage brokers, automobile dealers, attorneys or private investigators, debt collectors, entities that maintain information in consumer reports as part of their role as service providers among others.

Similarly, most states of the US have data destruction regulations. According to the National Conference of State Legislatures, at least 35 states, D.C. and Puerto Rico have enacted laws that require either private or government entities or both to destroy, dispose of, or otherwise make personal information unreadable or indecipherable on a later date.

The European Union’s General Data Protection Regulation (GDPR) also has comprehensive regulations with regard to data disposal. The regulations require organizations to follow certain steps before destroying anything. It mandates that owners of the data have the ultimate say over their data, even when it comes to destruction. The GDPR also states that data on end-of-life devices like hard drives, computers, and many more must be completely destroyed so that data becomes irrecoverable.

Against this backdrop, WipeOut Inc provides secure data destruction solutions to enterprises and individuals to comply with the regulations. Through its patented technology tool, data is permanently erased. As an intelligent platform, it factors in data compliance regulations of several jurisdictions and helps enterprises and individuals the much-needed protection from the data breach, mitigating the risks arising from cyber threats. Wipeout e-shredder is easier to use than a paper shredder.

With threats of cyberattacks rise each passing day, enterprises have to dispose of their business-sensitive data securely for preventing their misuse, failing which reputational and non-compliance risks arise. Therefore, each organisation should conduct a data audit and follow a structured approach with the help of the right technology partner for the safe disposal of data.

By Sanjeev Dahiwadkar
CEO, ITShastra