What is the NIST 800-88 Standard?
NIST 800-88 is the National Institute of Standards and Technology guide for digital media sanitization. Professionals and organizations can refer to the NIST 800-88 standard when making information end-of-life decisions. Critical considerations include the categorization and confidentiality of data. Physical destruction of hard drives is the most secure form of data destruction, and the NIST recommends shredding for all categories of confidential data.
A recent survey on hard drive disposal best practice conducted by The ITAM Review shows that 61% of the respondents did not follow a specific data destruction standard, while 29% had no way of proving proper disposal or data destruction. (Source: The ITAM Review)
Data: To Destroy or Not to Destroy?
When hardware and digital data reach the end of their useful lives, they are often disposed of as junk or trash. Following the growing number of fraudulent cases, new guidelines and regulations emerged to protect individuals and organizations from information security risks. The threats of identity theft and other information security risks are real, and decision makers should take note. Experts argue that, until recently, the majority of professionals responsible for the disposal of hardware were not aware of data destruction standards. The Federal Trade Commission (FTC) could audit businesses, with fines or settlements that could reach into the millions of dollars. Moreover, lawsuits do not require proof of identity theft or out-of-pocket losses.
Each organization is responsible for developing policies and procedures for data security and hardware destruction, which also include the characterization of the risk level. The Red Flag Rule (https://www.ftc.gov/tips-advice/business-center/guidance/fighting-identity-theft-red-flags-rule-how-guide-business) mandates a written Identity Theft Prevention Program. Erasing, degaussing, or shredding are ways to sanitize hard drives. Physically shredding hard drives is the most secure form of data destruction, and the NIST recommends shredding for all categories of confidential data. A Certificate of Destruction is the documentation of the data destruction process. Shred Alaska’s mobile hard drive shredding provides a certificate of destruction including serial numbers for each drive destroyed, as well as a copy of the video of the drives being shredded.