Electronic Data Destruction 101: Chain of Custody
Posted in Blog
If it’s time to replace your IT equipment, then it’s time to double check that your data security policy contains a secure chain of custody and an electronic data destruction process. This will ensure that your computer hardware with sensitive data makes it safely from your facility through data destruction to a certified asset disposition company that has been properly vetted. To significantly reduce the risk of legal, financial and PR disasters, be sure that a certified and bonded service provider properly handles the onsite data destruction or secure transport of the assets to help prevent a data security breach.
What is a Chain of Custody?
Chain of custody is a fully auditable paper trail providing end to end visibility documentation of what was done, when, and by whom in the process of electronic data destruction. This should include:
- An assigned project manager
- Identification and scanning all serial numbers for tracking purposes
- Optional: Scanned and matching computer and hard drive serial numbers
- A recording of the time of disposition, and the method of disposition
- Identification of the individual executing the procedure
- A video recording of the process
- A signed Certificate of Destruction proving compliance with relevant privacy legislation.
Why do you need a Chain of Custody?
Maintaining an auditable record of chain of custody is necessary for regulatory compliance and data management. It will help to protect your business against any potential regulatory fines that could be incurred for a data breach that may result from IT assets being improperly disposed of. And a secure chain of custody includes a Certificate of Destruction, a nationally-recognized record to keep on file helping you document compliance with state and federal privacy laws such as HIPAA, PCI, FACTA, Gramm-Leach-Bliley, and Sarbanes-Oxley.
NAID AAA Certification and Chain of Custody
Using a NAID AAA certified data destruction vendor ensures the highest standard of information destruction. NAID-certified companies undergo announced and surprise audits that include careful scrutiny of the chain of custody audit trail and procedures. Selecting onsite electronic data destruction services further reduces the opportunity for chain of custody gaps resulting from packing and shipping. Additionally, with onsite data destruction, you’ll be able to have your own staff witness the process to further strengthen your chain of custody process and verification.
Chain of custody is a legal obligation for anyone disposing of sensitive data. To ensure compliance and verification of compliance is a part of your ITAD (IT Asset Disposition) program, ask your VAR or contact Guardian Data Destruction for advice. No one needs the embarrassment, financial and legal consequences of an end of life data breach that could have been easily avoided.
We also recommned
5 ways to make Data Privacy Week 2023 a security win
How to make the most out of Data Privacy Day 2023 Is January 28th highlighted on your calendar? If not, it’s time to add the …
Hard Drive Shredding and other onsite data destruction and IT logistics services during inclement weather
Bad weather happens. Whether your project site is subject to a hurricane, tornado, high winds, flooding, winter storm or extreme heat, Guardian has you covered. …
Video Tour: Secure IT Packing and Logistics
Guardian’s IT Packing and Logistics services are all about getting your IT assets from A to B without any damages or loss in value. “Secure …
Stay in the know
Get relevant information right in your inbox
We do not sell or share your information with anyone