A DATA DISPOSAL PRIMER
By Chris Rodinis
March 21st, 2012
http://www.fas.org/irp/nsa/rainbow/tg025-2.htm
http://privacy.med.miami.edu/glossary/xd_secu…
http://it.med.miami.edu/x677.xml
http://www.computertworld.com
Data Breaches and the Cost of Nonconformance
CVS Pharmacies was fined over $2,000,000 for a data breach of confidential personal information. A recent sum total of data breach fines nationwide is close to $20,000,000.
Walgreen’s, having committed a similar blunder is next to be fined. Perhaps a new fine record will be set.
Data breaches from disposal are reported frequently, there is a website: www.datalossdb.org that solely tracks data breaches and their associated fines and costs.
Data breaches attract attention because so many individuals are affected and identity theft is the one of largest criminal activities that there is. Regular people going about their daily lives are often one to make the breach discovery.
Refurbished and re-marketed hard drives are considered easy targets of data breach based on past experience. Quite a few researchers go to auction sites to buy drives just to see if they can extract secure or confidential information. Often times they are successful at a rate of at least 33%. Sometimes the drive data may contain 10% or more of the original data.
The conclusion is that this problem is expensive and growing for all concerned. New HIPPA laws have accomplished the following:
- Created of a new type of covered stakeholder
- Enforcement is handled by each state’s attorney general
- Fines rose from $25,000 to $1,500,000
- Fines are mandatory when disclosures involve “willful negligence”
- A federal national data breach disclosure law is now in effect
- HIPAA regs now extend to outside vendors performing data destruction
- All disposal contracts must now be scrutinized and reworded
HIPAA has expanded its authority to include any business that comes in contact with private personal information. This would include business associates such as contractor vendors that perform data disposal for healthcare clients.
At first HIPAA was interested only in helping with compliance. That has changed to a strict enforcement policy. This policy includes mandatory fines of up to $1,500,000 where willful neglect is shown. Each state’s attorney general is responsible for enforcement.
Now by law the violating entity must report each data breach so that consumers are aware.
Before this may not have made headlines, however, recently the breach of secure data at Sony has become quite famous. Companies has 60 days to make this disclosure or face consequences.
If an information destruction company causes a breach, that would be made public and be quite expensive. Healthcare providers will want to know they are covered by a large amount of commercial insurance.
DO IT RIGHT THE FIRST TIME!
Out of fear or out of ignorance IT admin’s are not sure about what to do with all this extra data being stored. Legal requirements and false information may be driving wrong IT behaviors. Up to 70% of all businesses in the US do not have an end of life data disposition strategy.
For this reason, cost associated with litigation and database management now are greater than several hundred million dollars yearly. Controlling these costs is of paramount importance.
False: All data must be kept forever
Fact: There is no legal obligation to keep all information.
The truth is that companies are not required to keep confidential data forever.
Because IT managers are not in the legal department, they prefer to be safe rather than sorry. There are different legal requirements for each company; so therefore, once legal and IT become coordinated with data purge rules and protocols, a better IT department will result.
False: Storage is cheap.
Fact: Storage ain’t cheap.
More storage, more hardware, more cost. Include the labor in managing excess confidential data and you get the idea. Never mind if the legal department needs to “discover” info on behalf of clients because the discovery is made more expensive by the storage of excess secure data. Breaches can cost up to $200,000 each. All this is a cost liability to business.
Question: Which data is trash? Which is important?
Fact: Use a plan or system to know how and when to throw out the trash data
The driving question which determines the path is: does this data have value for my business? yes or no……Is there a real legal requirement to save this data? yes or no.
The legals can mix with the marketers to determine this and the IT guy can execute.
False: The task is problematic and it will never work right
Fact: The longer you wait the more difficult it becomes.
Once again each department can coordinate as far as needs and IT can adjust.
Old emails? gone. Old sales records? gone. Old employee files? gone. Legal reasons? might have to keep that! So for your obligations you have retention protocols and for everything else you will be able to defend your destruction of data.
CLEAR? PURGE? DELETE?
CLEAR
The “clear” method uses software or hardware to overwrite the confidential data on the drive or media with meaningless data. This includes overwriting addresses, directories and “pointers.
It can not be accomplished on broken drives or media. For very large amounts of data this may not be feasible.
PURGE
Purging utilizes the firmware known as Secure Erase embedded in the device. Execute Secure Erase and the drive is purged of most of the data. Following this degaussing may be recommended. Degaussing uses a box device to create a very strong magnetic field which scrambles the data beyond recovery. This is effective for large amounts of data and for rapidly disposing of data on diskettes. After degaussing drives no longer work.
DESTROY
Various names apply here: destruction, pulverizing, melting, shredding and incineration are good descriptions for the actions taken. These actions are effective and permanent. Specifications typically require remanence of all residues to be reduced to nominal edge dimensions of five millimeters (5 mm). Before destruction, encryption may be done to be certain that no data will ever be breached and forensic recovery will be impossible. No means short of complete destruction allows non-recoverability.
If you are interested in secure data disposal you may contact www.EwasteWiz.com
DESTROY, DISPOSE, SANITIZE!
The chart below is a breakdown of methods by media type.
NOTE: Sanitize refers to the complete removal of all data.
Each letter corresponds to the means used.
A. degauss with Type I degausser.
B. degauss with Type II degausser.
C. Overwrite all addressable locations with a single character.
D. Overwrite all addressable locations with a character, its complement, then a random character, and then verify. (Note: DoD standards do not permit this method for sanitizing media containing top secret information.)
E. Overwrite all addressable locations with a character, its complement, then a random character.
F. Each overwrite must reside in memory for a period longer than the classified data resided.
G. Remove all power, including any battery power.
H. Overwrite all locations with a random pattern, all locations with binary zeros, and finally all locations with binary ones.
I. Perform a full chip erase as per manufacturer’s data sheets.
J. Perform I above, then C above, a total of three times.
K. Perform an ultraviolet erase according to manufacturer’s recommendation.
L. Perform K above, but increase time by a factor of three.
M. Destroy by disintegration, incineration, pulverization, shredding (except for paper), or smelting. Paper may be pulverized or chemically macerated.
N. Under US DoD 5220.22-M standards, destruction is required only if classified information is contained. Organizations must determine what, if any, of their information is “unclassified.” If unclassified and classified information is mixed on a storage unit, it must be destroyed.
O. Run five pages of unclassified text (font test acceptable).
P. Ribbons must be destroyed. Platens must be cleaned.
Q. Inspect and/or test screen surface for evidence of burned-in information. If present, the screen must be destroyed.
S. Shred with strip shredder. Use cross-cut shredder for more sensitive information. (Note: US DoD 5220.22-M standards do not cover paper information.)
?. No established standard.
| MEDIA | CLEAR | SANITIZE |
| Magnetic Tape | ||
| type I | A or B | A, B, or M |
| type II | A or B | B or M |
| type III | A or B | M |
| Magnetic disk | ||
| Bernoulli’s | A, B or C | M |
| floppies (e.g., 3.5″) | A, B or C | M |
| non-removable rigid (hard) disk | C | A, B, D, or M |
| removable rigid (hard) disk | A, B or C | A, B, D, or M |
| Optical Disk | ||
| rewritable (read-many, write-many) | C | M |
| write once, read-many | M, N | |
| read-only (e.g., CD-R) | M, N | |
| Memory | ||
| dynamic random access memory (DRAM) | C or G | C, G, or M |
| electronically alterable PROM (EAPROM) | I | J or M |
| electronically erasable PROM (EEPROM) | I | H or M |
| erasable programmable ROM (EPROM) | K | I, then C, or M |
| flash EPROM (FEPROM) | I | C then I, or M |
| programmable ROM (PROM) | C | M |
| magnetic bubble memory | C | A, B, C, or M |
| magnetic core memory (HARD DRIVES) | C | A, B, E, or M |
| magnetic plated wire | C | C and F, or M |
| magnetic resistive memory | C | M |
| non-volatile RAM (NOVRAM) | C or G | C, G, or M |
| read-only memory (ROM) | M | |
| static random access memory (SRAM) | C or G | C and F, G, or M |