- Posted March 23, 2015
- Tweet This | Share on Facebook
Putting more destruction into your tech mix
Firms of every size, from solo practices to global enterprises, are putting particular focus on data retention and organization. That's not surprising, given the amount of data that's generated every day, and law firms, unlike some industries, are often subject to more regulation (such as Sarbanes-Oxley or HIPPA, depending on client base) than other types of companies.
But while searching for the best data storage options and evaluating vendors, there's another vital aspect that comes with data generation: deletion.
While it makes sense to ensure that your records, emails, and other information are retained, part of that security comes from strategic destruction. Just as you would shred your personal documents after a certain amount of time, employing digital shredding offers a higher level of protection.
Here are some top tips to follow when developing a data destruction strategy:
1. Understand the importance.
In a survey from Eden Prairie-based services and software company Kroll Ontrack, only about half of businesses surveyed noted that they regularly use some method of erasing sensitive data when it's no longer needed. Keeping older data on outdated hard drives and old computers is another bad habit of too many companies. Of those that do have some kind of deletion, about 75 percent don't delete data securely with a proven digital shredding system.
"Unfortunately, many people think that data is erased if they just delete it," says Jeff Pederson, senior manager of data recovery operations at Kroll Ontrack.
2. Use automation.
Pederson adds that many companies also employ an ad-hoc system, which means they might delete data that's of a certain age, but they only tackle that deletion when they're running out of storage space. This might be fine for a home user who needs to get rid of some movies and music to make room for newer downloads, but such a strategy for an enterprise creates security risks.
"To make sure that the data is truly gone, you need to set up a system of regular purging, and that requires a schedule, and some automation," he says. For example, email can be tagged in such a way that only vital messages about specific cases are stored, not the "reply all" kind of emails about how the office is closing early because of a snowstorm.
Other types of data can be categorized as well, as soon as it's created. Not only does that help to set up automated deletion based on a specific schedule, but it also makes document searching easier, and could even reduce the amount of data storage needed.
3. Employ digital shredding technology.
If you're using a data storage vendor and putting all of your information and records in the cloud, have a conversation with that company's sales or service rep to talk about data deletion, and what tools are used. Any reputable company will be eager to talk about their digital shredding expertise, and walk you through the details of how the process is done.
For smaller offices, or those trying to put their own controls in place, it pays to find a unified storage system with tools specifically designed for secure deletion, says Stanley Chan, Director of Business Development at storage provider Sans Digital. "You should be able to see security controls, backup schedules, and deletion schedules within the same dashboard," he says.
4. Know where data hides.
Deleting older data from a cloud-based system is a good start, but keep in mind that there are several machines and devices that can still have data stored, such as your multi-function photocopier. In order to make copies lightning fast, these machines take a snapshot of a document and store those on a hard drive, so they can be retrieved later if needed. Although that's useful for some business operations, make sure that if you're renting the copier, data destruction is part of your contract.
Another source of data security are laptops and smartphones used by employees who have since left the company. Chan notes that many companies hand over these machines to new employees, after doing a low-level swipe. But given the number of places that data can reside on a computer - in the downloads folder, for example - it significantly boosts security to make sure these machines are securely wiped.
In general, data destruction takes effort to put into place, and can involve extra budget funds for utilizing new automation tools and vendors. But given the additional level of security that comes with digital shredding, it's worth the time and money.
-----
Elizabeth Millard has been writing about technology for 20 years. Her work has appeared in Business 2.0, eWeek, Linux Magazine and TechNewsWorld. She attended Harvard University and formerly served as senior editor at ComputerUser.
Published: Mon, Mar 23, 2015
headlines Detroit
headlines National
- ABA Legislative Priorities Survey helps members set the agenda
- ACLU and BigLaw firm use ‘Orange is the New Black’ in hashtag effort to promote NY jail reform
- Judge gave ‘reasonable impression’ she was letting immigrant evade ICE, ethics charges say
- 2 federal judges have changed their minds about senior status; will 2 appeals judges follow suit?
- Biden should pardon Trump, as well as Trump’s enemies, says Watergate figure John Dean
- Horse-loving lawyer left the law to help run a Colorado ranch