Client Information Security: Helping Organizations Protect Private Client Data

22 Aug 2012

Protect Client Data – Properly Dispose of Old Computer Equipment

I recently received this question from an agency:

“Our agency does not have written guidelines for the preparation or disposal of used PCs. I think we should have one, and it seems to me all agencies would have this same issue but I’ve not heard anything about this topic. Have you looked into this or written about it that I could reference? If not, do you know of suggested guidelines and software we could use?”

With today’s legal requirements it is prudent to make sure you destroy any private client data on all storage devices prior to disposing of the item. This will help prevent an unintended client data breach. Following are some suggestions on how best to prevent client data from getting into the wrong hands:

Computer hard drives: How you wipe data off of a hard drive so you can give the computer away will depend on what information you want to preserve. Your options are:

File-by-File

If you are giving the computer to someone else you may not want to eliminate all the valuable software along with your private information. However, just deleting your personal files does not make them unrecoverable. To completely destroy a file, you must use a data-shredding program. It takes a conventional “erase” a step further by actually writing over the file.
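What "writing over the file" looks like in practice, as an added example that is not from the original post or from any particular shredding product: the Python below overwrites a file in place, reads it back to check, and only then deletes it. The function name, file name, and client record are made up for illustration, and it assumes a conventional hard drive.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB blocks
RECORD = b"Jane Sample, policy 000-EXAMPLE, SSN 000-00-0000\n"  # constructed data


def shred_file(path, passes=2):
    """Overwrite a file in place, read it back to check, then delete it.

    Returns the number of bytes overwritten. Assumes a conventional hard
    drive; flash media and copy-on-write filesystems can keep old copies
    of the blocks elsewhere, so an in-place overwrite proves nothing there.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            final = n == passes - 1
            f.seek(0)
            left = size
            while left:
                step = min(CHUNK, left)
                # Random bytes first; zeros on the final pass so it can be checked.
                f.write(bytes(step) if final else secrets.token_bytes(step))
                left -= step
            f.flush()
            os.fsync(f.fileno())  # ask the OS to push this pass out to the drive
        # Read the file back and confirm that only zeros are visible.
        f.seek(0)
        left = size
        while left:
            block = f.read(min(CHUNK, left))
            if not block or block.count(0) != len(block):
                raise OSError("verification failed: old data may remain")
            left -= len(block)
    # Rename before deleting so the directory entry no longer carries the name.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return size


def demo():
    """Shred a constructed client file in a temp folder; report what is left."""
    folder = tempfile.mkdtemp()
    path = os.path.join(folder, "client_record.txt")
    with open(path, "wb") as f:
        f.write(RECORD * 100)
    wiped = shred_file(path)
    leftover = os.listdir(folder)
    os.rmdir(folder)
    return wiped, leftover
```

A plain delete skips everything inside the `with` block and goes straight to `os.remove`, which is why deleted files can be recovered.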

Whole-Drive

Completely reformatting your drive may seem like a good option, but this method doesn't eliminate data either: the information can easily be restored using off-the-shelf data-recovery software. Use a data-erasing program that overwrites the whole drive instead. Many of the best data-erasing programs come from the same companies that produce data-recovery software. Set aside some time: erasing this way can take hours on large hard drives.

Power Tools

There is no better way to completely annihilate your data than to physically destroy the device that stores it. We still suggest a software shredder first, but if your personal data security justifies the extra effort, put on protective eyewear and gloves, then break out the power tools. Drilling four holes through the platters will ensure that they never spin properly again. Better yet, unscrew and remove the top lid of the drive, and go at the platters with a sander or angle grinder. Scuff the surface of the platters until all the shine is gone.

Flash Drives: Flash drives are different than hard drives. It has been found that various methods to “wipe” data off of a flash drive are unreliable. I recommend that you take a hammer to the drive. You want to make sure you smash the circuit board and chips.

Cell Phones: Modern cell phones are like computers, and deleting data using menus may not truly delete it from the hardware. Always wipe your phone by deleting the data using menu settings and then performing a factory reset. Every phone has a different process, so check the phone's manual to restore the phone to its factory settings, or search YouTube for an instructional video. According to PCWorld, no wipe solution is perfect. The only way to totally guarantee old cell phone data is gone for good is to take the phone apart and physically destroy the memory chip.

Physical Disposal:

Non-Profit: After you make sure you wipe all sensitive information from the device, you may want to consider giving it to a local non-profit organization. Be aware, though, that many organizations have become more selective about what devices they will accept.

Recycling:

Check with your local city or county. Many have computer recycling programs. In my county all you need to do is take your equipment to a special recycling center.

Following are some additional resources:

Environmental Protection Agency

TechSoup - Ten Tips for Donating a Computer

Apple Product Recycling information

Dell Product Recycling information

HP Product Recycling information

Best Buy

11 Dec 2009

Protect Your Organization from the Consequences of a Data Security Breach

Trust me: you don't want your agency to be the victim of a hacker, or a thief that steals your private client information. The consequences of not properly protecting your clients' private information are difficult at best and at worst could be catastrophic to your organization.

Here's just one example, in one state. On September 22, 2009, an insurance agency in Oregon was fined $11,000 by the State of Oregon Insurance Division for not properly disposing of private client data.

In How to Protect Your Agency from the Consequences of a Client Information Security Breach, I share the foundational information and specific steps you need to know in order to protect your agency. I show you exactly what it takes — step by step — to make sure you properly protect your client information.

Specifically, I reveal how to:

  • Understand exactly what will happen if client data is compromised in your agency. Determine what data needs protection.
  • Use the C-I-A criteria to classify information based on its confidentiality value.
  • Create a data security plan.
  • Take the 7 simple but essential steps to protect client data.
  • Create scaled-down information storage so you only keep what you really need.
  • Complete an information risk assessment to find out where your agency stands.
  • Formulate policies and procedures that can be relied upon immediately if a breach should occur.
  • Take the appropriate but often overlooked steps to physically secure your premises.
  • Properly dispose of sensitive data after your need to use it expires.
  • Conform to the reporting requirements mandated by state law if a data breach occurs.
  • Evaluate the responsibility of third-party providers who use private client information.
  • Examine insurance policies to determine what is covered and what is not covered in the event of a data security breach (in this case, not knowing could be your greatest nightmare).

In addition, How to Protect Your Agency from the Consequences of a Client Information Security Breach contains an executive summary of the 45 state laws along with a link to the actual state statute. A separate section contains application and sample policy information from many of the insurance companies that currently offer a policy covering a client data security breach. These two sections alone will save you hours of time spent researching these details.

Some colleagues suggested that I should charge $400-500 for How to Protect Your Agency from the Consequences of a Client Information Security Breach — not based on the page count (even though it is over 80 pages long) — but on the specialized information it contains and how much time and money it will save your agency in setting up an effective Client Data Security Program. "It's a minuscule investment," they argued, "compared to the results it produces."

However, I decided to offer this one-of-a-kind special report for just $199. I may raise the price later, but for right now, I would rather make this timely and critical information available to as many agencies as possible at an affordable price.

My Money-Back Guarantee: If you don't find How to Protect Your Agency from the Consequences of a Data Security Breach helpful and worth every penny you paid for it, I will promptly refund your money. No questions asked.

Could you find similar information for free on the Internet? Yes, possibly. You could likely distill it from multiple sources on the topic after spending innumerable hours researching for trustworthy information. But why wade through all of that? What's your time worth? I have already done the heavy lifting for you. Your time is better spent doing those things that only you can provide for your agency.

I have done the research and come up with solutions that you can implement immediately. If my experience is worth $199 to you, then click on the button below and let's get started!

Add Data Security Report to Cart