Data Destruction Is it really gone? Donna Read Chris Parker Florida Gulf Coast ARMA Chapter April 2013.

Slides:



Advertisements
Similar presentations
Fredrick H. Armstrong, Director, Archives & History Staff, Records Management and Preservation Board Records Management for Licensing Boards.
Advertisements

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.
Separating Active from Inactive Records
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Aspects of Electronic Waste Disposal Lawrence P. Hayes P.E. E-Waste Experts, Inc.
Best Practices: Provisioning, Encryption and Decommission of storage in the enterprise.
NOAA Computer/Hard Drive Sanitization Validation Form and PDA/Cell Phone Destruction Worksheet.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
Securing NPI Mary Schuster Mike Murphy.  Gramm-Leach-Bliley Act Enacted to control the ways that financial institutions deal with the private information.
Deter, Detect, Defend: The FTC’s Program on Identity Theft.
SC Identity Theft Act and Red Flag Rules Stephanie O’Cain, CPA Municipal Association of SC October 6, 2009.
Media Sanitization How to get rid of unwanted data so no one else can get it.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
Disk Clearing and Disk Sanitization
Records Management at UW-Green Bay Or, I am out of space and just want to throw some things away!
DATA SECURITY END OF LIFE Andy Crawford 5/23/20151Florida Gulf Coast ARMA Chapter.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Privacy and Security Basics for CDSME Data Collection Sue Lachenmayr, MPH, CHES Updated April 10, 2014.
RECORDS MANAGEMENT City of Oregon City “ That was then… this is now!”
Department of Commerce Records Management Training.
Identify a few method to dispose of the hard drive of computers.
1st Choice Document Destruction, Inc (a member of the NAID Association) is proud to be an exclusive distributor for “The Guardian” Hard Drive Destroyer.
National Property Management Association Disposing of Assets Containing Sensitive Information Kim Doner, CPPM SRA International.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
Protecting Sensitive Information PA Turnpike Commission.
UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.
 Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office.
Public Records Management Advanced Real Property Seminar September 15, 2010 Presented by: Tom Vincent, NCDCR Local Records Management Analyst.
Records Management Overview. Why? It’s the Law It’s the Law It’s University Policy It’s University Policy Fiscal and Legal Compliance Fiscal and Legal.
ARMA Charlotte - Piedmont Educational Seminar 2007 Managing Public Records Law and Practice In North Carolina Government Records Branch Division of Historical.
Basic Records Management. What we’ll cover Virginia Public Records Act Definitions Understanding and using the LVA General Schedules The schedule cover.
Family Financial Management Annie’s Project January 23, 2007 Coweta Oklahoma.
Module #2: What Sensitive Data is and how to handle it Module 2 is approximately 3min and 30 sec.
1 Comp7780 Update  Why?  What?  How? What have you learnt? Comp
1st Choice Document Destruction (a member of the NAID Association) is proud to be an exclusive distributor for The Guardian Hard Drive Destroyer. Anyone.
Accounting Electronic Records Management Process Your Company Name Here. Confidential. Revision # ___. Date: _____ By: _______________ 1 1. Full Access.
Destruction Standards & Compliance Presented by: Chris Parker, V.P. Operations Stevens & Stevens Business Records Management, Inc.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
The Challenge and the Goal: Regaining the Custody/Control of Outpatient Medical Records.
RECORDS MANAGEMENT Office of Compliance. OBJECTIVES Four main objectives of a Records Management Program: –Increase efficiency of record keeping. –Protection.
Media Sanitization at the Idaho National Laboratory Jonathan Bates NLIT 2009.
Tampa Computer Recycling. Our Tampa computer recycling company takes responsibility of safely disposing of all older computer systems and their electronic.
Computer Disposal Goes Green. Three billion units of consumer electronics potentially will become scrap between 2003 and That’s nine gadgets thrown.
Records Management: The Public Records Act, the Library of Virginia, and You Glenn Smith Records Management Analyst.
United States Army Records Management Training Module 1 Part B.
Protecting Your Identity and The Environment 1 Vintage Tech LLC 1105 Windham Parkway Romeoville, IL (o)
When Can You Redact Information Without Requesting an Attorney General Decision? Karen Hattaway Assistant Attorney General Open Records Division Views.
All Employee Basic Records Management Training. Training Overview 1.Training Objectives 2.Clark County RIM Program 3.Key Concepts 4.Employee Responsibilities.
1Copyright Jordan Lawrence. All rights reserved. U. S. Privacy and Security Laws DELVACCA INAUGURAL INHOUSE COUNSEL CONFERENCE April 1, 2009 Marty.
WIC CONFIDENTIAL INFORMATION SPRING 2014 CALIFORNIA DEPARTMENT OF PUBLIC HEALTH WIC PROGRAM.
RECORDS MANAGEMENT Office of Business Affairs. OBJECTIVES Four main objectives of a Records Management Program: –Increase efficiency of record keeping.
Government Agency’s Name April Identity Theft is when someone steals your personal information and uses it as their own, usually for some financial.
Secondary Storage. WHAT IS SECONDARY STORAGE  SECONDARY STORAGE IS THE STORAGE THAT IS NON- VOLATILE. RAM IS VOLATILE AND SHORT TERM AND FORGETS EVERYTHING.
National Product Stewardship Forum May 30, 2007 San Francisco, CA Garth Hickle Minnesota Pollution Control Agency.
Introduction To Computers
 Kim  Allen  Kenneth. Chapter 1 Computer Fundamentals.
Information Security. Your responsibilities as a Government of Canada employee.
Information Management and the Departing Employee.
 The laws vary from state to state. The California Medical Association website states:  There is no general law requiring a physician to maintain records.
GETTING A GRIP ON DISPOSAL Carmela Gallo. Word origin of Disposal Disposal To dispose mid-14c., from Old.French. disposer (infl. by poser "to place"),
RECORDS MANAGEMENT Judith Read and Mary Lea Ginn Chapter 12 Electronic Media and Image Records 1 © 2016 Cengage Learning ®. May not be scanned, copied.
Computers Mrs. Flowers University High School.
COMPUTER PARTS INSIDE - OUTSIDE. Computer Parts There are many parts that work together to make a computer work.
Protecting PHI & PII 12/30/2017 6:45 AM
Items For Secure Media Recycling Bins
Data Destruction Standards & Compliance
Chapter 3 – Storage Devices and Media
PERSONALLY IDENTIFIABLE INFORMATION: AUDIT CONSIDERATIONS
Presentation transcript:

Data Destruction Is it really gone? Donna Read Chris Parker Florida Gulf Coast ARMA Chapter April 2013

Life Cycle of a Record  Creation or receipt  Use and maintenance  Disposition = perm retention or……… DESTRUCTION

Definition of Destruction

What is in a hard drive?  Lead  Brominated Flame Retardants  Barium  Mercury  Beryllium  Cadmium

Dept. of Defense M  Definition: DoD M is a software based data sanitization method used in various data destruction programs to overwrite existing information on a hard drive or other storage device.

Type of Media  Optical Discs CD/DVD  Hard Disc Drives HDD  Magnetic Tape  Floppy Discs  Flash Memory  Paper  Microform  Hand held devices  Networking devices – routers etc.  Equipment – fax & copy machines

Degaussing  Degaussing is the process of decreasing or eliminating a remnant magnetic field. Due to magnetic hysteresis it is generally not possible to reduce a magnetic field completely to zero, so degaussing typically induces a very small "known" field referred to as bias.  Degaussing was originally applied to reduce ships' magnetic signatures during WWII.  Degaussing is also used to reduce magnetic fields in CRT monitors and to destroy the data on magnetic media.

NIST Outlines Which Data Destruction & Erasure Options are Best for You  NIST – National Institute of Standards and Technology  Guidelines for Media Sanitization Disposal – Clearing – Purging – Destroying

State E-Waste Guidelines 19 States already have E- Waste Legislation All states will have in 2 – 3 years. Makes it illegal to dump E- Waste in landfills Puts a carbon tax on manufacturers

Cost of Improper Destruction  Dec 2010 – NASA sells shuttle PCs without wiping secret data – 10 PCs sold that contained highly sensitive data restricted under the arms control rules.  The employees of a physician disposed of medical records inappropriately by placing them into office recycling bins. Although the contents of the recycling bins were supposed to be shredded, these instructions were not communicated to the building’s janitorial services. As a result, the files were transferred to the building’s recycling area without being shredded. Case settled for $85,000.

Law suits abound  The drugstore chain CVS is being sued by the Texas Attorney General for failure to properly dispose of customer records including credit card and debit card numbers, drivers license numbers and medical prescription forms with name, address, date of birth, issuing physician and the types of medication.  It is a violation of several Texas laws and carries potential penalties of $50,000 per violation and/or $500 per abandoned record.

Disposition Decision Making

Take Destruction Seriously  There are laws governing the protection of PII (Personally Identifiable Information)  Identify theft: The United States Department of Justice states that in 2010, 7% of all United States households had at least one member of the family at or over the age of 12 who has been a victim of some sort of identity theft. The odds are against you.

Questions?  Donna Read, CRM, CDIA+  Earl Rich, CRM  Chris Parker