
Data Destruction

Your data and your customers' information are never compromised. Never exposed.

Data Destroyed. The Right Way.
Every Time.

The most critical aspect of any comprehensive ITAD solution is the complete destruction of the data. There are numerous ways to eradicate data, each guaranteed to keep you secure, but different in their impact on our world and environment.

DMD maintains NAID certification (read about NAID: https://naidonline.org) as a commitment to the strict standards necessary for responsible erasure. 

Erasure

Complete elimination of your data adhering to NIST 800-88 R1 using certified software overwriting the data. This is the most environmentally conscious approach to data destruction.

The Degauss method is also available; it uses a strong magnetic field to scramble the magnetic domains on the platters so that the data is unreadable and the disk unusable.

Shred

The physical destruction of a hard drive and the associated data. This does not eliminate the ones and zeros, merely makes them irretrievable.

Depending on age, condition, and relevancy, this may be necessary.

Onsite: Refers to where the data destruction occurs. An onsite elimination of data takes place in your environment without removing the physical asset. This is the most secure option, but with greater cost and time associated.

Offsite: Refers to data destruction that occurs off your premises. We complete these activities in a NAID certified facility and according to industry-leading protocols and standards.
Know the Difference

NAID Certified vs NAID Member

DMD is proud to hold NAID AAA Certification. This means we adhere to the strictest data erasure and eradication standards in the industry. We are audited annually and maintain comprehensive records and processes to demonstrate this.

Please be aware that many companies display the NAID logo on their website or tout their NAID membership. Membership is a good first step, but it is not comprehensive enough for companies that truly care about data security.

Any organization may become a NAID member by paying the membership fee, which provides access to the NAID resources and tools.

Only organizations that demonstrate the implementation of current regulatory compliance and security best practices, and are validated by NAID (an independent third party), may be certified.

Data Destruction - the DMD Way

Secure Data Elimination, Proven

DMD takes extreme pride in our data erasure processes. We use multiple technologies to ensure we have the optimal solution for each data-bearing device. Using multiple technologies also lets us cross-check the results of one technology against another.

We maintain wipe logs and files for each and every device so you have electronic records down to the serial number documenting the details.

Additionally, we perform data erasure on-site, where appropriate and desired, to create a zone from which no data ever leaves, minimizing your risk.

While we don't lead with shred services, as shredded drives are less environmentally friendly, we have the capacity to meet all NIST guidelines for physical drive destruction.

MAJOR AREAS OF COMPLIANCE

  • HIPAA
  • SOX
  • PCI
  • FCRA
  • GLBA
  • CCPA

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

Organizations that must comply with HIPAA as Covered Entities are health care providers, health plans, and health care clearinghouses. Additionally, any individual or entity that performs functions on behalf of a HIPAA-covered entity and involves the use of protected health information is considered a HIPAA Business Associate and must comply.

How this relates to ITAD: companies that are a Covered Entity or a Business Associate are legally obligated to protect the health information, which persists until the data is eliminated.

Sarbanes-Oxley

The Sarbanes-Oxley Act, also called Sarbanes-Oxley, Sarbox or SOX, is a 2002 United States federal law that set new or expanded requirements to protect the public from fraudulent or erroneous practices by corporations and other business entities. The goal was to increase transparency and require a formalized system of checks and balances in a company.

SOX compliance requirements include formal data security policies that are communicated and enforced. The data security strategy must protect all financial data stored and utilized.

How this relates to ITAD: companies governed by SOX must secure their financial data throughout the company and throughout that data's existence. Proper disposal is a legal requirement.


PCI DSS

The Payment Card Industry Data Security Standard, PCI DSS, or PCI for short is a set of requirements developed to ensure the maintenance of a secure environment for all companies that process, store, or transmit credit card information.

This applies to every company regardless of volume. If you use a third-party processor for two transactions a month, you must comply.

How this relates to ITAD: if you have any credit card information, you are responsible for adherence for the life of the data, making responsible destruction an important risk mitigation strategy.

Read more at: https://www.pcicomplianceguide.org/

Fair Credit Reporting Act

The Fair Credit Reporting Act (FCRA) is U.S. federal legislation enacted in 1970 to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies.

More companies must comply than you might think. This includes Consumer Reporting Agencies (CRAs) such as credit bureaus, companies that report information to the CRAs such as financial institutions, and any company that uses credit reports, including as part of a hiring procedure.

How this relates to ITAD: all companies holding this personal data have legal obligations to protect this sensitive information until its disposal.

Note: an amendment, the Fair and Accurate Credit Transactions Act (FACTA), stipulates requirements for information privacy, accuracy and disposal.


GLBA

The Gramm-Leach-Bliley Act is also known as the Financial Services Modernization Act of 1999. The act requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.

Financial institutions are companies that offer consumer financial products or services like loans, financial or investment advice, or insurance.

How this relates to ITAD: companies this impacts must comply with the FTC's Disposal Rule, which covers the erasure of media or hardware that contains customer information.


CCPA

The California Consumer Privacy Act is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The statute aims to safeguard consumer privacy for Californians the same way the GDPR protects Europeans.

Companies that meet certain thresholds (such as $25M in annual revenue) must take a series of measures to notify, protect, and share the information in accordance with the law.

How this relates to ITAD: there are certain data retention commitments, as well as protocols for notification in case of a breach. Proper data destruction will limit potential liability.