The 1st Complete
Guide for the Secure
Information Disposition contains everything one needs to know,
including policies and templates, to create a state-of-the-art,
compliant and secure information destruction program. This
book also serves as the official study guide for the Certified
Secure Destruction Specialist® (CSDS) Accreditation Program.
Get your copy today!
• Members receive 50% off each copy!
• Equip your entire staff; order 10 or more
and receive 60% off.
firstname.lastname@example.org | 602-788-6243
Customer Misconception #5:
Only a Small Portion of Discarded Media
Must be Destroyed
There are several ways in which data controllers put themselves
at risk by destroying only a portion of what should be destroyed.
Usually is by letting employees decide what should be destroyed
and what can be disposed of casually. It is most commonly seen
where a data controller gives the employee multiple options for how
media is discarded. This is a mistake for several reasons, and one of
the many places Information Disposition confronts this mistake can
be found on page 47, Chapter 2, Physical Security:
Special Collection Issues
Allowing Employee Discretion
It is very risky for a data controller to allow rank and file
employees the discretion to determine what media or
information requires secure destruction. While allowing
employee discretion minimizes the amount of material
requiring destruction, it gives every employee the ability
to violate an organization’s regulatory compliance.
Furthermore, a data security breach traced back to such
employee discretion, having arguably been authorized
precisely because it was the more economical, would be
difficult to defend.
As previously discussed above, where Chapter 3 defines what
actually constitutes an official “record,” and what is considered
“personal information” will also help explain to data controllers
they are taking a big risk with any destruction program that doesn’t
include ALL discarded media.
Information Disposition also spends considerable time on the
importance of employee training, which, will help maximize their
sensitivity to what must be destroyed.
continued on page 37