Fundamentals of Data Destruction: The Importance of Chain of Custody

January 1, 2019

Experts predict that every two years, the volume of data created by businesses will double. When you add the speed at which data centers are filled up and IT equipment is replaced by newer iterations, you begin to see how important it is to properly destroy or render unusable any old equipment that may contain valuable or sensitive data.

Of course, data breaches don’t just occur online. And for businesses that might be audited or face legal repercussions if they can’t prove beyond a shadow of a doubt how and when their outdated equipment was decommissioned, there’s no substitute for working with a fully qualified data destruction company that supplies you with an airtight chain of custody throughout the entire data destruction process.

Chain of Custody: What Is It?

To understand what a chain of custody is, you want to think of how you could legally prove that your old equipment, as well as the data it contained, was handled properly from the moment it left your facility until the moment it was either destroyed in an electronic shredding procedure or thoroughly wiped clean of data in some form of professional degaussing.

This is why any worthwhile chain of custody gives you a complete paper trail — or digital trail — that forms a total history of who handled your equipment, where it was stored, how it was transported, and under what circumstances it was eventually destroyed or rendered unusable. In addition, companies that use professional data destruction services are issued certificates of destruction upon completion of the process.

To have anything less than a robust chain of custody can leave your organization open to fines, legal ramifications, auditors’ censure, public relations issues, brand diminishment and a subsequent detrimental impact to your bottom line.

Chain of Custody: Why Do You Need It?

For many businesses — such as those that work with electronic health records or sensitive financial information — laws and regulations like HIPAA, Sarbanes-Oxley and Gramm-Leach-Bliley require the ability to produce a chain of custody that includes all issued certificates of destruction during an audit. And to not be in compliance with any of these federal regulations can have dramatic consequences for a business that wants to remain in operations and competitive for the foreseeable future.

Since, for a majority of businesses, chain of custody is a legal requirement, it’s not something you should take shortcuts with. This could expose your organization to preventable levels of risk. When a AAA-certified National Association for Information Destruction (NAID) member company like DataSpan can complete the job in a compliant fashion, the choice to employ a proven data destruction service is a simple one.

DataSpan Gives You Peace of Mind

Supplying data centers with the equipment and professional services they need to stay competitive has been the sole mission of DataSpan for well over four decades. In that time, we’ve earned the trust of more than half of the Fortune 1000 who are pleased members of our client list.

To learn more about our data destruction services, please contact us today.