Recommendations for the protection and secure destruction of digital media.
In a time of rapid growth of digital media and free flow of information online, we need to recognise the hidden risks and act decisively. It is crucial to understand the often unnoticed vulnerabilities and threats in order to navigate safely through the digital world.
Data breaches are commonplace in the digital age. Both small businesses and large government agencies are not immune to the risk of confidential information leaks. The consequences can include identity theft, financial loss and national security concerns.
One of the biggest challenges in protecting digital data is the vulnerability of neglected digital media. Media in obsolete formats such as floppy disks, magnetic tapes, CDs, DVDs or USBs are often forgotten or disposed of without the sensitivity of the information stored on them being recognised. These neglected media pose a significant risk to security and privacy.
Such digital data carriers can easily be viewed by unauthorised persons. Unlike paper documents, which can be physically secured or shredded, digital media can be copied, hacked or stolen unnoticed. This harbours the risk of sensitive data such as personal information, financial records, trade secrets or national security secrets falling into the hands of criminals.
In addition, neglected digital media has legal and ethical consequences. A CD containing personal data violates data protection laws if it is not disposed of properly. A flash drive containing classified information violates security laws if it falls into the wrong hands.
The destruction of digital media is subject to strict legal requirements designed to ensure data protection and information security. The data must be stored for the respective purpose for as long as necessary and then securely deleted. The retention periods for digital media depend on the type of data and generally correspond to those for physical documents. Once these periods have expired, the digital media must be securely and irretrievably deleted.
The secure destruction of digital media is essential for data protection, data management and information security. Legal requirements oblige those responsible to develop a comprehensive strategy to prevent data theft and misuse. Clear processes and procedures are required to ensure the complete and irreversible deletion of digital data.
Determine which digital data and media must be deleted after the retention period has expired. If necessary, risk-reducing measures such as access restrictions, anonymisation and pseudonymisation of personal data can be taken in exceptional cases before final destruction takes place.
It is well known that data cannot be completely erased and easily reconstructed by deleting it using the delete key or technical overwriting. Many IT professionals believe that destroying hard drives with a hammer, drill or screwdriver is a safe method. However, such data carriers can be easily recovered by IT forensic experts. Physical or magnetic methods have proven themselves for complete digital data destruction:
Industrial media shredders, such as the intimus HDD Gladiator, shred magnetic, optical and electronic media, including bulky materials such as hard drives with server frames. With high torque and low speed, they shred the material forcibly and process even large quantities efficiently.
Granulators work at high speed and low torque to shred materials. Rotating and stationary knives in the cutting chamber shred the material into fine, uniform particles. Granulators must be carefully fed by hand or via a conveyor belt during operation. Due to their open rotor design, they work in a similar way to shears. They deliver more uniform granulate with a more precise particle size and shape than shredders, as they feed the material through sieve holes. The security level can be easily adjusted by changing the screen.
Office media shredders can be operated from a normal power socket and can be used anywhere in the office. They securely destroy CDs and credit cards. The intimus FlashEx even shreds smartphones and SSDs directly at the desk in real time, minimising the risk of data theft.
"Degaussing" is a tried and tested method used by governments and secret services such as the NSA and is now also available to companies. Many data carriers such as hard drives, floppy discs or data tapes are based on a magnetic medium. During degaussing, these data carriers are exposed to a strong magnetic field, which completely erases the contents. Demagnetisers, such as the intimus degaussers, are safe, easy to use, quiet and suitable for continuous operation. They are also clean and compact, ideal for use in the office.
Keep a deletion log that documents the time, type of data deleted and the method used. This serves as proof of proper destruction and is required for legal reviews.
Monitor the retention periods and the regular implementation of deletion processes. This ensures compliance with legal requirements.
Compliance with these processes is essential in order to destroy digital media in accordance with data protection regulations and minimise security risks. In this way, companies and organisations ensure the security of their data and minimise risks from neglected electronic media.