Quality Control for Electronic Erasure Processes
Because neither overwriting nor degaussing change the
appearance of the media to which they are applied, quality
control procedures are critical to ensure the reliability of
Quality control starts with written procedures describing
the steps and flow of materials through the stages of
the process. Written procedures 1) demonstrate that due
diligence has been afforded the process, 2) provide for the
appropriate training of qualified technicians to comply and
conform to the instructions, and 3) establish a method of
organizational and individual accountability.
The section goes on to outline in detail the steps and measures to
be employed in a defined quality control publication.
Any service provider, looking to impress the importance of
vendor qualifications and quality control in order to confront the
misconception that recycling is a legitimate option will find plenty
of ammunition in Information Disposition.
Customer Misconception #5:
Only a Small Portion of Discarded Media
Must be Destroyed
There are several ways in which data controllers put themselves
at risk by destroying only a portion of what should be destroyed.
Usually is by letting employees decide what should be destroyed
and what can be disposed of casually. It is most commonly seen
where a data controller gives the employee multiple options for
how media is discarded. This is a mistake for several reasons, and
one of the many places Information Disposition confronts this
mistake can be found on page 47, Chapter 2, Physical Security:
Special Collection Issues
Allowing Employee Discretion
It is very risky for a data controller to allow rank and file
employees the discretion to determine what media or
information requires secure destruction. While allowing
employee discretion minimizes the amount of material
requiring destruction, it gives every employee the ability
to violate an organization’s regulatory compliance.
Furthermore, a data security breach traced back to such
employee discretion, having arguably been authorized
precisely because it was the more economical, would be
difficult to defend.
As previously discussed above, where Chapter 3 defines what
actually constitutes an official “record,” and what is considered
“personal information” will also help explain to data controllers
they are taking a big risk with any destruction program that
doesn’t include ALL discarded media.
Information Disposition also spends considerable time on the
importance of employee training, which, will help maximize their
sensitivity to what must be destroyed.
Customer Misconception #6:
The Certificate of Destruction Removes
It is understandable that data controllers would be comforted
by believing that once they have a certificate of destruction
from the service provider, they are no longer responsible for the
security of the information. Unfortunately, there are still service
providers that try to capitalize on that misconception. At its
worst, this position is seen when a client says something like, “I
don’t care about their security, I have a certificate of destruction,
and so, if it turns up, it will be the service provider’s problem.” Of
course, that is far from the truth. The truth is that if records turn
up, the client will have to answer for the selection of that service
provider. The client will also be responsible for all the regulatory
damages that result. In other words, the certificate of destruction
does not transfer any regulatory responsibility from the client to
the service provider.
Information Disposition stresses throughout that the only way
to transfer regulatory responsibility is through proper due
diligence and contractual language, and even then the transfer
is only partial and tenuous at best. It also, however, contains
clear language to dispel any misconception that a certificate of
destruction is of any value in that regard and that reliance on it
alone is a very dangerous practice.
On page 69 in Chapter 3: Records and Information Management
Data controllers sometimes also mistakenly view the
certificate of destruction (CoD) as transferring liability
for destruction to a service provider; the thought being
that a CoD issued by the service provider makes them
responsible for any damage should the information
surface. This is a dangerous misconception. Obviously,
the previous discussion on the difficulty associated with
establishing proof plays into this discussion. For example,
if one cannot prove that an item was in the batch or
that it was the only copy, holding the service provider
accountable is problematic. While this is true, the more
significant reason the CoD is not capable of transferring
liability is because regulations do not allow for it.