An Intellyx BrainBlog by Jason English, for Verity ES
It’s much more difficult to successfully build and grow something like a business or a career than to destroy it.
Destruction usually carries with it a negative connotation. Except when it comes to destroying, or more accurately, eradicating, obsolete data that can only come back to harm your business—or by extension, your career—if it is intercepted or shared.
Data needs to be eradicated all the way down to the disk surface layer to meet regulatory or privacy requirements, before any disks are discarded or donated for possible reuse. The destruction of data with a thorough eradication program is the CDO and CISO’s best countermeasure to serious risk and failure.
However, achieving a compliant and safe level of data eradication while reducing unnecessary waste is not as simple as reformatting the drives or throwing them in the trash, as my colleague Jason Bloomberg describes in the first post of this series:
“Optimizing the data eradication process is a classic flow problem: end-of-life drives are the inputs and cleaned drives are the output. Ensure inputs don’t exceed outputs or the work will pile up, leading to slowdowns.”
Establishing a data eradication process that is verifiably complete is important, but what happens when capacity bottlenecks prevent eradication at scale? IT teams can quickly find themselves struggling to keep up with demand, like Lucy and Ethel in a hilarious candy factory scene.
The high cost of low capacity for eradication
Companies experiencing a data eradication backlog are forced to choose between two unappetizing options.
They could abandon equipment reuse goals—and instead, pay fees and potential fines for shredding media while generating electronic waste and missing out on any residual resale value or recycling incentives.
Or, even worse, allow drives with uncertain data contents to pile up in a storeroom somewhere until they eventually get picked through, moved, or shipped out, with the hope they never get exposed to the world and become a criminal or legal liability.
Failing to eradicate data at scale isn’t an uncommon problem, though it is seldom reported. Even companies with extensive IT resources fail at it, because they also generate massive quantities of end-of-life media.
For instance, leading investment firm Morgan Stanley trusted a moving vendor to take its obsolete or failed drives to a data services vendor for destruction, but the moving vendor instead passed them to a reseller. The data exposure led to a $35 million fine in 2022 from the US Securities and Exchange Commission (SEC), and nearly double that cost to settle contractual penalties with customers.