Compliance with data privacy laws such as HIPAA, GLBA and PCI extend from initially capturing information all the way through disposal.
Secure data destruction is critical for data privacy compliance. Every business, healthcare organization and governmental agency has certain responsibilities regarding the privacy of personal information. Securely destroying that information on digital media is critical for compliance when disposing of computer equipment.
This is a growing concern for the government, and as a result, those who violate or ignore data privacy laws are finding themselves subject to increasing levels of investigation, enforcement, and penalties. It is extremely important that businesses understand how they are expected to destroy customer and patient PHI when it comes time to dispose of computer equipment.
HIPAA
The HIPAA Security Rule establishes national standards to protect individuals’ EPHI that is maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of EPHI.
PCI/DSS
The Payment Card Industry Data Security Standard (PCI-DSS) intent was to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data
GDPR
GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include: consent, collection and notification of consumer data.
NIST 800-88
NIST 800-88 provides guidance to assist organizations in making practical sanitization decisions based on the confidentiality of their information. Media sanitization refers to a process, such as hard drive shredding, that renders digital media infeasible for a given level of effort.