National Data & Privacy Protection Day

Whether it belongs to staff, clients, students, or patients, if your organization has ever saved sensitive data to a hard drive on a laptop, desktop, tablet, printer or scanner, you’ll want to examine your data disposition policy to ensure you’ve taken steps to meet regulatory compliance. It’s important to note, data lives on the hard drives and memory cards in the computer equipment we use each day and we remain responsible for that data until we’re provided certification that the hard drive has been sanitized or degaussed. While data-conscious organizations take measures to safeguard against a threat by leveraging security software and firewalls, they often leave themselves vulnerable to a catastrophic data breach when retiring IT assets. Deleting or reformatting a hard drive will NOT erase the sensitive data, which remains recoverable, and is often the source of a costly data leak long after it has been deleted.

Sensitive personal information is information that, if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. It can include one or more of the following: social security numbers, date of birth, driver’s license and state ID numbers, medical and healthcare information, home addresses, telephone numbers, e mail addresses, account credentials, passwords, banking and financial records, and consumer credit reports. In general, SPI is defined as any information that could be used by criminals to conduct crimes against an individual, including identity theft, blackmail, stalking, etc.

Occurring each year on January 28th, Data Privacy and Protection Day is recognized both nationally and internationally, having been initiated by the Council of Europe in in 2007, and adapted as a nationally recognized event by the United States in 2009. The purpose of National Data Privacy and Protection Day is to raise awareness and promote privacy and data protection best practices. It is also an ideal time to review and refine your firm’s Data Disposition Policy to help mitigate the financial risk of a potential data breach. 

Data privacy and data security are terms that point to the appropriate handling of sensitive data. These terms often lead to a broader compliance-focused conversation about industry-specific data protection regulations. Federal and state laws dictate how this information must be stored, transmitted, and disposed of.

To mitigate the risk of a catastrophic data breach or to learn more about industry specific regulatory requirements, speak with a data disposition expert at Pupfish Sustainability Solutions by calling 631.403.1100 or visit Compliance — Pupfish Sustainability Solutions, secure IT Asset Disposition (pupfishusa.com).