By Christina Walker, Global Director, Channel Sales and Programs, Blancco Technology Group
After years of massive data breaches and more recent flagrant abuses of consumer data privacy, businesses are on high alert and pulling out all the stops to protect their data — and their customers’ personal information.
Businesses will have to gear up to comply with new data privacy laws both in the U.S. and abroad if they want to successfully compete in our global economy. Under Europe’s GDPR law, which went into effect in May 2018, consumer privacy rights were expanded to include a requirement for companies to inform affected parties of a serious data breach. In addition, companies are instructed to abide by lawful processing of data, ensuring that each data subject has given consent for their data to be processed and that each of the individual’s rights is adhered to. Companies that fail to comply with GDPR will be subject to substantial fines.
Adding to the growing global privacy legislation, at least 34 states and Puerto Rico have enacted laws that require either private or governmental entities (or both) to destroy, dispose of or otherwise make personal information unreadable or undecipherable. Thirty-one of these laws address digital data specifically, while Arizona’s data disposal law applies to paper records only.
The Federal Trade Commission’s Disposal Rule also requires proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The rule applies to consumer reports or information derived from consumer reports, which includes personal data and financial information.
Where organizations might be confused is how to properly dispose of this sensitive customer data — and whether their process meets state, national or global regulations. Some might even think shredding hard drives and mobile devices might suffice, but that’s not always true. Physical destruction is the process of shredding hard drives, smartphones, printers, laptops and other storage media into tiny pieces by large mechanical shredders, and it’s a very secure process — most of the time. But there are exceptions. Usable residual data can still remain on the storage media or mobile device and could potentially be recovered with the assistance of advanced forensic tools, making it a potential threat in the event of a data breach.
Software-based data erasure, unlike physical destruction, includes verification that the data has been securely erased. Erased devices are certified to contain no usable residual data, and they’re often able to be reused or resold, saving money and the environment.
Some claim the GDPR is a model for laws that other countries will adopt in the future. And while many thought the GDPR was extreme, California went one step further to pass one of the toughest and most comprehensive data privacy laws in the country. Due to go into effect on Jan. 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) legislates how large companies handle customer data and holds them accountable for the ways to manage, store and dispose of the …