22 Feb How to dispose of secure confidential information
In the modern world identity fraud is a high-profile issue. Data security is something that is very high on the agenda for every business.
In this video, we’re going to be looking at the disposal of secure confidential information. What are the things you need to be aware of when looking at how you destroy secure, sensitive information?
For most data destruction, you need an effective means of shredding. But how do you know which shredder to buy, or what to look for in a shredding service?
The first thing to mention is the DIN security levels.
DIN refers to the Deutsches Institut für Normung (DOYT-CHEZ INSTITUTE FYOOR NOR-MUNG). Apologies for my pronunciation; in English, it’s simply the German Institute for Standardisation. The only reason this is relevant to you is that DIN is a European standard that defines ‘Data Destruction’ security levels.
They are a means of understanding how you need to approach the secure destruction of data in your business.
The old DIN 32757 for shredder security levels had just six levels.
However, in the new age of information and digital media complexity, the newer DIN 66399 standard is a bit more sophisticated – ascribing not only seven different security levels to data destruction but also doing so across six different possible media types.
So, a quick bit of maths tells you that there are 42 possible combinations of security level and media type.
Before you think “hang on… that’s far too complicated”, don’t worry; when you get your head round it, I promise you it is much more straightforward than it seems!
Why does all this matter?
Well, our lives and our businesses have changed.
Gone are the days when the only (or even main) way of storing data was a bunch of folders in a filing cabinet.
The storage media containing our confidential data are now many and varied. Along with paper, digital media now play a major role in the workplace and in our everyday lives. The DIN 66399 standard takes this diversity into account, and defines what security means in our modern media.
In short, there is a security level that has been defined and determined to give you peace of mind when protecting yourself and your business.
How can you actually use this?
It’s as easy as one, two, three!
- Determine the data protection requirement of your information – how sensitive is it?
- Determine what kind of media the information is stored on – what is it?
- Determine the right security level and destroy it, as appropriate!
Let’s go through it step-by-step:
The first thing you need to do is decide how securely your data should be treated. There are three different classes of data protection requirement. Check your data to determine the protection requirement in each case.
Protection 1: Normal security requirement for internal data.
Publication or people getting hold of the data would have only a limited negative impact on the company, but there is a certain amount of personal information that needs to be protected.
Protection 2: High security requirement for confidential data.
Publication or people getting hold of the data would have a considerable effect on the business and may have legal ramifications (contractual or legislation breach). Personal data included in the information has strict requirements; there would otherwise be a considerable risk to the social or professional standing and financial situation of the affected persons.
Protection 3: Very high protection requirements for particularly confidential and secret data.
Publication or people getting hold of the data could have catastrophic (even terminal) consequences for the company, or infringe trade confidentiality obligations, contracts, or laws. Personal data integrity must be maintained, otherwise there is a risk to the health and safety or personal freedom of the affected persons.
The second step is to identify what kind of media the data are stored on.
Click the link for a copy of this look-up table showing the six data media codes of the DIN 66399:
P stands for information in its original size: paper, X-ray films, print forms.
O stands for Optical data media: CDs, DVDs, Blu-ray discs.
T is Magnetic data media: floppy discs, ID cards.
E is Electronic data media: USB sticks, chip cards, SSDs, flash memory (smart phones, tablets), memory cards.
F is Information in reduced form: films, foils etc.
And finally, H is Hard drives with magnetic data media.