4. Disposing of Data — Do It Responsibly


Destroying Paper Records Yourself

  • Shred all sensitive paper documents. Never just deposit them in the trash or dumpster.
  • Ideally, use a shredder that cross-cuts, confetti-cuts, or particle-cuts.

Destroying Electronic Records Yourself

What works

  • Use data wiping software. It removes information by writing new, meaningless information on top of old information.
  • Use specialized shredders to destroy CDs and DVDs.
  • "Magnetically degauss" hard drives in old computers. Magnetic degaussing uses extremely strong magnets to remove the magnetic encoding that stores data. Although degaussing machines are expensive, many companies charge less than $10 to degauss a hard drive.

What does not work

  • Breaking an old computer. Breaking an old computer does not mean that you are breaking the hard drive where data is stored. Although it is possible to remove the hard drive and then physically destroy it (e.g., drilling a hole through it) this can be time-consuming and dangerous if you don't have the right equipment.
  • Microwaving CDs and DVDs. Although microwaving a CD or DVD destroys the data on the disk, it may also release toxic fumes into your microwave or cause a fire.
  • Placing it in the "Recycle Bin" on your desktop, or clicking "Delete." It may disappear from your screen, but it still exists and could be recovered by a computer expert.

Hiring a Disposal Company

  • Consider using a certified disposal company. The National Association for Information Destruction (NAID) audits their member companies for compliance with the association's standards.
  • Ask if they have been independently audited or certified, and request a copy of the audit or certification.
  • Check the company's BBB Business Review at www.bbb.org.
  • Ask for several references and call the references.
  • Ask for a signed agreement that explains the company's procedures for destroying documents.

35% of data breaches involve a contractor or someone inside the organization.

Source: 2013 Ponemon Institute Cost of Data Breach Study