Information assets hold large volumes of confidential data, and protecting that data is imperative.
Tough regulations, the high cost of data breaches and the risk of data leaks mean that proper steps must be taken
to ensure the complete and secure disposal of sensitive information.
Regulatory compliance
A host of strict industry standards and government regulations have forced organizations to take adequate steps to mitigate the risk of
unauthorized exposure of confidential corporate data. Organisations must have a gapless audit trail as evidence of the steps taken to
prevent data leaks. Failure to comply could result in financial loss, irreparable damage to a company’s reputation, as well as civil and
criminal liability. A data breach of any kind could be devastating to a company.
Possible penalties for non-compliance
| Regulation | Full name | Directors and officers: penalty per violation | Institution: penalty per violation | Years in prison | Individual: civil fines |
|---|---|---|---|---|---|
| HIPAA | Health Insurance Portability and Accountability Act | | Up to $250 000 | Up to 10 years | $25 000 |
| FACTA | Fair and Accurate Credit Transaction Act | | | | Civil action |
| Gramm Leach Bliley | Financial Service Modernization Act | Up to $10 000 | Up to $100 000 | Up to 5 years | |
| Sarbanes Oxley | Public Company Accounting Reform and Investor Protection Act | Up to $1 000 000 | Up to $5 000 000 | Up to 20 years | |
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA took effect on April 14, 2001. It includes provisions intended to safeguard the privacy of patient health records. The law requires
healthcare entities that process transactions containing health information by electronic means to use standardized forms and a
universal code system for illnesses and treatments. The regulation also requires new safeguards to protect the security and confidentiality
of an individual's protected health information.
FACTA (The Fair and Accurate Credit Transactions Act of 2003)
FACTA took effect on June 1, 2005. Its primary purpose is to help consumers fight the growing crimes of identity theft and consumer
fraud. FACTA covers accuracy, privacy, limits on information sharing, and new consumer rights to disclosure, and it contains a
number of provisions intended to combat identity theft, consumer fraud and related crimes. Specifically, the Act requires the destruction
of papers containing consumer information. Virtually every business or organization is bound by this law. FACTA enforces the proper
destruction of consumer information: name, address, SSN, credit information, and data compiled from this information.
GLB (Gramm-Leach Bliley)
Gramm-Leach-Bliley (GLB) is another federal law, with a much broader scope than HIPAA. It was designed to compel financial institutions
to "respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal
information." GLB requires banking and financial institutions across the United States to describe how they will protect the
confidentiality and security of consumer information.
Sarbanes Oxley
The Act, also known as the Public Company Accounting Reform and Investor Protection Act, was signed into law on July 30, 2002. Its primary
goal is to restore and protect investor confidence in the US financial market by subjecting corporate governance to more stringent
accounting and reporting controls.
The Act holds top executives personally responsible for the accuracy and timeliness of their company's financial data, under threat of
criminal prosecution. SOX compliance has therefore become a top priority for publicly traded companies. Any entity that is or may be
governed by Sarbanes-Oxley and fails to ensure that electronic data is secure at all times, and is erased and irretrievable at the end of
the IT asset's useful life, is likely in violation of the Sarbanes-Oxley Act.
Identity theft
Identity theft is the fastest-growing crime, and awareness of the risks associated with data leaks is growing only slowly.
A carelessly discarded hard drive or USB stick could contain confidential data such as credit card details, social security numbers,
bank details or employee information. The unauthorized exposure of this data could easily result in identity theft.
- According to the FTC (Federal Trade Commission) in the USA, identity theft was the top consumer complaint in 2006 for the seventh year running
- Identity theft accounted for 36% of the 674 354 complaints filed with the agency in 2006.
- According to the Home Office Identity Fraud Steering Committee, it is estimated that more than 100 000 people are affected by identity theft in the UK each year.
- The latest estimate is that identity fraud costs the British economy over £1.7 billion.
Millions of people were victims of identity theft worldwide in 2006 alone. In order to protect your identity, it is imperative that data is
disposed of in a safe and secure manner.
Data leaks
Rapid technological change and the short lifespan of IT assets have created a need to permanently destroy data on retired equipment.
The popularity of removable media such as USB drives has grown exponentially, resulting in an alarming rise in data leaks through these
devices and further heightening the need to dispose of electronic data properly.
- A study conducted by British Telecommunications (BT), the University of Glamorgan in Wales and Edith Cowan University in Australia revealed in August 2006 that a significant number of disks purchased at computer auctions, computer fairs or online in the UK, Australia, North America and Germany still contained commercial and individual data. The information recovered included payroll information, employee names and photos, business emails and sensitive personal information.
- The BBC's Real Story documentary revealed in 2006 that the bank account details of potentially thousands of Britons were being sold in West Africa for less than £20. The sensitive information was on the hard drives of PCs exported to Nigeria, because no steps had been taken to ensure that the hard drives were completely free of data before being resold.
Did you know
- Identity theft is the top consumer complaint in the USA according to the Federal Trade Commission.
- US consumers reported fraud loss totalling more than $1.1 billion in 2006.
- Credit card fraud (25%) was the most common form of reported identity theft in the US in 2006.
- More than 100 000 people are affected by identity theft each year in the UK
- According to Privacy Rights Clearinghouse, more than 350 data loss incidents involving more than 140 million records have occurred since February 2005
- Organisations are obliged by law to take adequate steps to ensure the proper disposal of data
- Research conducted by the Ponemon Institute in 2006 showed that data breaches cost companies an average of $182 per compromised record, a 31% increase over 2005
- Unauthorized exposure of corporate data could result in negative publicity, loss in consumer confidence, hefty fines or expensive lawsuits
- The second-hand PC market is a haven for information thieves who seek to retrieve and exploit data from improperly cleaned hard drives
- The Environment Agency has stated that about 23 000 tons of electronic waste, the equivalent of about 750 000 computers, flows out of the UK and into the developing world every year