Data destruction: The challenge of loaded terminology
January 8, 2013
I have often related the story of having traveled all the way to Warsaw, Poland to address a business group, only to be challenged, before I even spoke, with the question, “Was there really no one between Arizona and Poland who could talk to us about shredding?”
The question put me on my heels for a second but then it dawned on me that this is exactly our problem. For the most part, even people who should know better, think of information destruction as the act of shredding or, more precisely, the act of putting a piece of paper into a machine that creates particles. Concepts such as policies, training, access control, audit trails, employee screening, transfer of custody, acceptance of fiduciary responsibility, contracts and vendor qualifications are nowhere to be seen.
And, unfortunately, we see the same thing on the electronic destruction side. In that world, specifications for proper drive “sanitization” start where the device is plugged into the machine administering the process.
The most telling example of these over simplistic perspectives of destruction can be found in commonly referenced specifications. I have often pointed out that someone could meet the GSA specification for paper destruction, or the NIST 800-88 specification for sanitization using unscreened homeless people in the vacant lot on the corner of Camelback and 19th Avenue here in Phoenix, Ariz.
Data destruction is widely viewed as an event, instead of a process. There is a perfectly logical reason for how and why it is this way but that’s another talk show. The point is we have to redefine “destruction.” When we use the word “shredding” or “destruction,” very few people would conjure up the litany of critically important factors listed above. In reality, as it stands today, the use of those words screams “COMMODITY.”
Our task, starting this year, and for many years to come, is to redefine what decision makers consider proper information disposition. I’m in. How about you? Stay tuned.