Electronic Data Destruction 101: Chain of Custody
Posted in Blog
If it’s time to replace your IT equipment, then it’s time to double check that your data security policy contains a secure chain of custody and an electronic data destruction process. This will ensure that your computer hardware with sensitive data makes it safely from your facility through data destruction to a certified asset disposition company that has been properly vetted. To significantly reduce the risk of legal, financial and PR disasters, be sure that a certified and bonded service provider properly handles the onsite data destruction or secure transport of the assets to help prevent a data security breach.
What is a Chain of Custody?
Chain of custody is a fully auditable paper trail providing end to end visibility documentation of what was done, when, and by whom in the process of electronic data destruction. This should include:
- An assigned project manager
- Identification and scanning all serial numbers for tracking purposes
- Optional: Scanned and matching computer and hard drive serial numbers
- A recording of the time of disposition, and the method of disposition
- Identification of the individual executing the procedure
- A video recording of the process
- A signed Certificate of Destruction proving compliance with relevant privacy legislation.
Why do you need a Chain of Custody?
Maintaining an auditable record of chain of custody is necessary for regulatory compliance and data management. It will help to protect your business against any potential regulatory fines that could be incurred for a data breach that may result from IT assets being improperly disposed of. And a secure chain of custody includes a Certificate of Destruction, a nationally-recognized record to keep on file helping you document compliance with state and federal privacy laws such as HIPAA, PCI, FACTA, Gramm-Leach-Bliley, and Sarbanes-Oxley.
NAID AAA Certification and Chain of Custody
Using a NAID AAA certified data destruction vendor ensures the highest standard of information destruction. NAID-certified companies undergo announced and surprise audits that include careful scrutiny of the chain of custody audit trail and procedures. Selecting onsite electronic data destruction services further reduces the opportunity for chain of custody gaps resulting from packing and shipping. Additionally, with onsite data destruction, you’ll be able to have your own staff witness the process to further strengthen your chain of custody process and verification.
Chain of custody is a legal obligation for anyone disposing of sensitive data. To ensure compliance and verification of compliance is a part of your ITAD (IT Asset Disposition) program, ask your VAR or contact Guardian Data Destruction for advice. No one needs the embarrassment, financial and legal consequences of an end of life data breach that could have been easily avoided.
We also recommned
Data Privacy Day expands to Data Privacy Week. Here’s what the experts want you to know.
Eric Ingebretsen, Chief Commercial Officer of TES, sees Data Privacy Day as an opportunity for every company to examine how effectively existing processes and tactics protect data on new and emerging technologies.
What is Data Privacy Day and why should you care?
The first article in Data Privacy weeklong series focusing on enterprise IT concerns. Melissa Graham of SHI shares the questions you should be asking to keep your IT infrastructure both flexible and a fortress.
How Work From Home Impacts IT Security, Infrastructure, Compliance and Chain of Custody
Our predictions for ITAD and VAR challenges as IT departments make plans for a permanent work from home model.
Stay in the know
Get relevant information right in your inbox
We do not sell or share your information with anyone