Customer Misconception: Only a Small Portion of Discarded Media Must be Destroyed – Selling Information Disposition by the Book (vol. 6)

May 23, 2017

By Bob Johnson

There are several ways in which data controllers put themselves at risk by destroying only a portion of what should be destroyed. Usually it is by letting employees decide what should be securely destroyed and what can be disposed of casually. It is most commonly seen where a data controller gives the employee multiple options for how media is discarded. This is a mistake for several reasons, and one of the many places Information Disposition confronts this mistake is in can be found on page 47 in Chapter 2 on Physical Security:

Special Collection Issues
Allowing Employee Discretion

It is very risky for a data controller to allow rank and file employees the discretion to determine what media or information requires secure destruction. While allowing employee discretion minimizes the amount of material requiring destruction, it gives every employee the ability to violate an organization’s regulatory compliance. Furthermore, a data security breach traced back to such employee discretion, having arguably been authorized precisely because it was more economical, would be difficult to defend.

Chapter 3 defines what actually constitutes as an official “record,” and what is considered “personal information,” as this will also help explain to data controllers that they are taking a big risk with any destruction program that doesn’t include ALL discarded media. The example of Carlucci v. Piper Aircraft Corp., 102 F.R.D. 472 (S.D. Fla. 1984) in Appendix A of Chapter 3, page 77 is case law demonstrating:

…the need for a document destruction policy as well as a document retention policy — especially in legal situations. The court ended up ruling against Piper in this case due to their incriminating (i.e. inconsistent) document destruction.

Information Disposition also spends considerable time on the importance of employee training, which will help maximize their sensitivity to what must be destroyed.

Get your copy of Information Disposition today >> 

Read the next blog post in this series >>