Media Destruction and Privacy Law Compliance

Media destruction refers to the process of destroying or removing physical or digital media in order to prevent unauthorized access to sensitive or confidential information. In this constantly-changing technological age, this process is essential to ensure the security and privacy of individual and business information.

What Media Should Concern Me?

Any device that stores digital information, no matter what size and capacity, is a potential data breach risk if not destroyed properly. Here is a list of some of the media to look for on your shelves.

• Hard drives including magnetic, rotational, and solid-state drives
• Backup tapes
• USB drives, including thumb or jump drives
• CDs, DVDs, and Blu-Rays
• Microfilm and microfiche
• Floppy Disks
• X-rays
• Credit and debit cards

Who Said It’s a Problem?

State and federal laws were enacted for the purpose of protecting customers, employees, and businesses against data thieves. You are required to follow these laws, some of which include:

• The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of patients’ medical records and other personal health information.
• The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and safeguard their sensitive data.
• The Fair and Accurate Credit Transactions Act (FACTA) protects consumers from identity theft and penalizes non-compliance with federal and state fines.
• The Washington Privacy Act (WPA) grants consumers various rights regarding their personal data.
• The Oregon Consumer Information Protection Act (OCIPA) requires businesses and government agencies to notify any consumer whose personal information was breached.

What Is the Problem?

Obsolete digital devices are piling up on company shelves, using up valuable space and putting the company at risk. Yet, simply erasing or deleting data from a computer, laptop, USB drive, or any other digital device doesn’t guarantee that the information has been fully removed.

Discarded media that is stored on the shelf is subject to multiple risks:

• Theft by internal or external individuals intent on identity theft.
• Being misplaced and unaccounted for, leaving you with no proof that the information contained on that media has been destroyed as required by law.
• Being thrown in the trash or recycling bin by someone who is unaware of its origin or the risks incurred by recycling digital media before it is destroyed.

All of these scenarios violate privacy laws. Any amount of information that remains intact leaves the chain of custody incomplete, and the remaining information can be a threat to your customers, staff, and your business as a whole, incur government fines, legal suits, and ruin your reputation.

What is the Solution?

• Collect all outdated, obsolete, and discarded media devices.
• Contact a reputable shredding company and schedule on-site media destruction.
• Drop-off media destruction is an option if you have just a few devices to destroy.
• Instruct all of your employees that digital devices should never be discarded, recycled, or stored. Any media that is no longer needed must be destroyed by a professional shredding company as soon as possible.

Who Should I Contact?

CI Information Management provides a full range of shredding and destruction services to businesses and residents in Southeastern and Central Washington state and Northeastern Oregon. We also provide you with a Certificate of Destruction as your proof of compliance with federal and state data privacy laws. If you have questions or want to book your shredding service, give us a call at 509-586-6090 or complete the form on this page to speak with one of our friendly shredding experts.