Mobile Data Shredding

Have you ever read news articles in the newspaper reporting some sort of security breach in a company or government agency involving lost or mismanaged paper files or computer backup media?

In every state of the country these types of mishandled secure personal, financial, medical or corporate data occurs daily. Sometimes the local news media hears of it, sometimes it does not. Sometimes the authorities discover a security breach; when that happens things can get publicly messy and expensive.

Federal and State Governments are very serious when it comes to protecting citizens’ rights, including rights for privacy. Identity theft is just one example.

You can go to the Legislative Compliance section on our website to read more about privacy laws, including FACTA, GLB and HIPAA.

If you are a resident of Maryland or operate a business in Maryland, you may be interested in PIPA, the Personal Information Protection Act.

Within PIPA there are quite a few mandates including requirements for notification to officials as well as those consumers who may have been harmed. In addition, the business with the security breach must conduct an investigation to determine the fallout of the offense. Naturally, all of that can get pretty costly, as lawyers, investigators, police and the OAG all get involved. Once the newspapers, TV and radio stations catch wind of these incidents, a much higher cost is paid; that is consumer confidence in that company, including its procedures and reliability when dealing with the public’s most private information.

Here is a link to Maryland’s PIPA Guidelines:
www.oag.state.md.us/idtheft/businessGL.htm

You may find it interesting that, in addition to paper files, computer tape, CD’s, VHS tape, flash drives, hard drives, etc. there is another ordinary device that holds a lot of data. Digital Copiers Could Be An Identity Theft Threat as well. Many mid-size to large copiers manufactured since 2005 include hard drives, that contain images of any document that has been scanned or copied.

The data held on the digital copier hard drives is held to the same standards as other types of media and governed by PIPA as well.

For more details see:
http://www.oag.state.md.us/idtheft/Copiersecurity.pdf

How does this involve Mobile Data Shredding?

As part of the PIPA guidelines, an additional practice is mandated:

“When a business is destroying records that contain personal information, it must take reasonable steps to protect against unauthorized access to or use of the personal information. A business that owns or licenses personal information must implement and maintain reasonable security procedures and practices appropriate to nature of the personal information and nature and size of business.”

Mobile Data Shredding, Inc. is your source for compliant, secure, data destruction services. Our programs, including Scheduled Shredding and On-Demand Shredding Services will provide you with a low-cost, high level of confidence in managing sensitive materials recorded onto paper or computer backup media. Contact us directly to discuss these measures.

Mobile Data Shredding, Inc.
8841 Kelso Drive
Baltimore, MD 21221
877-225-6010

Healthcare IT News
July 20, 2010 | Molly Merrill, Associate Editor

Mass. hospital investigating the potential loss of back-up data for 800,000 individuals

WEYMOUTH, MA – South Shore Hospital in Weymouth, Mass., reported on Monday that back-up computer files containing personal, health and financial information for approximately 800,000 individuals may have been lost by a data management company that was hired to destroy them.

Officials at South Shore Hospital, a not-for-profit, regional provider of acute, outpatient, home health, and hospice care for Southeastern Massachusetts, said the files were being destroyed because the formatting was no longer compatible with what the hospital used.

According to the hospital, files were sent to a professional data management company for offsite destruction on Feb. 26. When certificates of destruction were not provided in a timely manner, officials said they pressed the data management company for an explanation and were finally informed on June 17 that only a portion of the files had been received and destroyed.

The hospital’s investigation has revealed that the computer files contained personally identifiable information for patients who received medical services at South Shore Hospital – as well as employees, physicians, volunteers, donors, vendors and other business partners associated with the hospital.

The information on the files may include individuals’ full names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, protected health information including diagnoses and treatments relating to certain hospital and home healthcare visits, and other personal information. Bank account information and credit card numbers for a very small subset of individuals also may have been on the back-up computer files, said officials. You can read more here

Regarding: Federal Trade Commission, Fair and Accurate Credit Transactions Act (FACTA), and Red Flag Requirements.

Mobile Data Shredding, Inc. is a good resource for you regarding FACTA, Red Flag Rules, and other legislation involving data security management and destruction. Feel free to contact us any time for more information. Our involvement can be help in your security procedures planning. With that in mind we have compiled a basic overview of information below that may be important for your organization.

FACTA has a great deal of influence over the activities and procedures involved in our daily activities in the Paper, Computer Tape and Hard Drive Shredding and Destruction business.
FACTA is a Federal act administered by the Federal Trade Commission (FTC) and designed to protect America’s consumers from Identity Theft and other illegal activities involving their personal, confidential financial information.

FACTA is directed specifically toward financial institutions and creditors; those organizations that require consumer financial data in order to conduct their business. These companies are compelled to take responsibility and proper care of the private information that is in their custody. That management absolutely involves thorough, secure destruction of documents and other data storage mediums (such as tapes and hard drives) that have come to end-of-cycle.

A financial institution is defined as:
• State or National Bank
• State or Federal Savings and Loan Association
• Mutual Savings Bank
• State or Federal Credit Union
• Any entity holding a “transaction account” belonging to a consumer

A creditor is defined as:
• Finance Company
• Automobile Dealer
• Mortgage Broker
• Utility Company
• Telecommunications Company

FACTA, under new FTC guidelines has issued additional requirements to the regulated companies described above. Those guidelines fall under the Red Flag Rules.
Under the Red Flag Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs also known as the “Red Flags” of identity theft. Among the requirements, the program must include procedures and actions that would prevent and mitigate the suspicious use of applications documents, reports, transaction activity, etc.

Implementation of the Red Flag Rule (section 114 under FACTA) states that financial institutions and creditors are required to comply by 6/1/2010.

Our Scheduled, Secure, On-Site Shredding services will meet and manage those requirements for you. Please don’t hesitate to contact us if we can be of any assistance with compliant records destruction.

Mobile Data Shredding, Inc.
877-225-6010
http://www.mdshred.com

Mobile Data Shredding is pleased to present this informative two-page pdf on our Computer Tape and Hard Drive Destruction Services. This information may be useful even for those who already have shredding programs in place. We’d love to hear your comments as well!

Click here to download this informative document (pdf)

Barcode Scanning Benefits for On-Site Computer Tape & Hard Drive Destruction Services

We’ve been thinking about all the different ways we’ve been helping our clients get the best service for the best value and noticed a trend towards the need for more accountability in data security in last few years. Often, several different departments (whether it’s Legal, IT, Upper Management or other) are on the line to ensure 100% verifiable security in the data destruction process.

In the fight against loose security measures and potentially lost or misplaced media (which can literally cost a company millions in the wrong situation), Mobile Data Shredding has developed a valuable option. For clients needing the highest level of verifiable security and data destruction tracking for your Computer Tape & Hard Drive (media) destruction projects is in our Destruction Inventory Reporting Service.

That report is effectively a specific post-mortem account of all the media designated and demolished.

As a result, your company’s security, legal, facilities, IT, and management teams will all be satisfied with the release from liability and comfort that all that retired media isn’t lingering around any longer.

Most every Tape Cartridge has a unique vol/ser # barcoded label. Hard Drives have them, too.

As part of the staging and logging process, these labels are scanned, using our programmable barcode scanners, and then downloaded to a laptop computer, where the Destruction Inventory Report is created in Excel format. The report is a listing of every single vol/ser # scanned and destroyed.

Once we’ve completed the media destruction you’re presented with our Certificate of Destruction including a general description of the media destroyed, date, time and signed by an authorized Mobile Data Shredding employee.

At the same time you can have your Destruction Inventory Report, with specific details, via email or stored onto a flash drive.

That makes the entire process complete. Secure … On-Site … Fast … Safe … Efficient … Supervised … Detailed … Proof-Positive … Economical.

When contacting us for your media shredding projects, don’t forget to ask about our enhanced Destruction Inventory Reporting Services.

The Most Dangerous Backdoor to Your Data Center’s Security

In 2005 one of the largest banks in the U.S. lost data tapes with credit card numbers and social security numbers of 1.2 million federal employees, including senators.¹

In 2007 a single stolen data tape in Ohio contained the social security numbers and private information of 1.3 million individuals and businesses.²

In 2008 a Fortune 500 company had a computer tape stolen from a delivery truck that contained the names, addresses, birthdays, Social Security numbers, marital status, bank account numbers, salaries, and hiring and termination/retirement dates of hundreds of employees. In addition, the tape has Social Security and address information about dependents of former and current employees.³

A single misplaced, improperly stored/transported, or improperly disposed of data tape or hard drive can be catastrophic to any organization, their clients and employees. This breach, even if the theft never ends in abuse, creates a breach in trust that can damage a reputation for years.

Portable magnetic computer tape storage devices have been prevalent in the data processing world close to 50 years. This storage media has been invaluable in processing, storing, and restoring huge amounts of information for a relatively small cost.

Technology in this arena is fast moving and ever changing. As a result, in the past several years the capacity, speed, and price of magnetic storage (computer tape cartridges) have made incredible advancements. A common tape cartridge sold today has a compressed capacity of 1.6 terabytes.
The message is quite simple. In these very small packages are stored enormous quantities of data including company financials, payroll, proprietary files, human resources records, medical, personal, social security, investment, and identity information. The tape and its contents absolutely must be managed properly.

As technology changes, newer, faster, cheaper and more compressed types of computer tape cartridges are adopted, the older tape cartridges are retired. Most of this retired tape still holds valuable data. Security and liability issues make the destruction of this tape (and more importantly, the data) a real serious concern. The legal, security, facilities, IT, and management departments all have the same concerns in disposition of this media. As a result, many times the tape sits idle in the computer facility, tape library, or off-site storage location taking up valuable space and naturally poses a higher exposure to loss.

Over the years many solutions have been proposed to this growing problem. But on-site degaussing, shipping to an incineration site, or manual one-by-one destruction options all have significant issues with time, cost, or risks of security breach.

If sent off-site for total destruction, once those cartridges, holding live data, leave the confines of the data processing center, tape library, or off-site storage facility, a lot of bad things can (and have) happened. Consider trucking accidents where the trailer is wrecked and computer tape spread onto the highway. The shipment is occasionally delivered to the wrong location, delayed because of weather, goofs, or miscommunication. Once delivered to a destruction or incineration plant, the tape is generally staged and/or batched with other materials, allowing further possibilities of loss, theft, viewing, and other general mistakes. While there are methods and procedures to minimize exposure, including shadow trucks, company personnel as passengers, satellite tracking, etc, the possibilities remain very real that this densely packed media can be compromised at some point along the transportation trail.
Degaussing is generally effective when proper attention is paid; the degausser has the capacity and strength to fully erase data. Many cartridges require multiple passes to ensure total erasure. Only the best grade and sturdy commercial degaussers can be operational for more than a few minutes at a time. The equipment is expensive and one particular degausser will not necessarily be the panacea for every type of computer tape in the library because of various cartridge density or size considerations. Costs for internal personnel resources and time play significant roles as well. Degaussing is a very slow, monotonous process.

Tape guillotines, whether manual or automated will destroy a tape cartridge…one at a time. Multiply the size of the tape library to be destroyed by a couple of minutes per cartridge to determine how many hours are involved. Add to it the cost and maintenance of the machine, the manpower, space, diversion and time. At the end, the computer tape, while totally un-useable or recoverable, still has to be disposed of properly.

Ultimately, best practices dictate that certified on-site secure shredding of computer tape or hard drive is a complete, thorough, visual, real-time and proof-positive shredding method for destruction and disposal. This is an out-sourced service performed at the actual data center location under the supervision of any concerned employee in the company and in full view of all security devices, cameras and video monitoring systems. The process is quite fast, completely destroying tape cartridges. Several hundred can be shred every 4-5 minutes, with a constant flow possible, giving a capacity of tens of thousands in less than one 8-hour shift. Once the destruction process is complete, the mobile shredding vehicle leaves the facility and all liability, security, disposal, and logistical concerns are eliminated.

Hard drives, whether they are laptop, desktop, or server varieties all also carry the same concerns as retired tape. Hard drives can also be securely shredded on-site using the same certified procedures.

If transport is required then encrypted digital transport is recommended, followed by certified on-site destruction of the physical media.

About Mobile Data Shredding, Inc.:
Mobile Data Shredding, Inc. provides secure, on-site tape/hard drive/document destruction services to the Baltimore, Washington DC, Boston, Philadelphia, and general Northeast and Midlantic regions. For more information visit http://www.mdshred.com or call (877) 225-6010.

About the Author: Mike Dodson, founder of Mobile Data Shredding, is a nationally recognized data destruction expert with over 25 years in the data processing and computer media industry. He has provided consulting services and support to Fortune 500/100/50 corporations across the nation.

Sources:
1 http://www.msnbc.msn.com/id/7032779/
2 http://privacy.org/archives/002096.html
3 http://www.breachblog.com/2008/07/18/bms.aspx

This whitepaper was also published on the Data Center Journal: http://datacenterjournal.com/content/view/2867/40/

Let Us Build You a Routine Schedule for Removing and Destroying Sensitive Material On-Site.

Click below to download our Info Sheet

Click on the image below to view this information as a full size pdf.

Scheduled vs On-Demand Shredding Services

Mobile Data Shredding is pleased to present this informative one-page pdf on the Top 10 Reasons to Shred and What Needs to be Shredded. This information may be useful even for those who already have shredding programs in place. We’d love to hear your comments as well!

Click here to download this informative document (pdf).

Fast moving technology has made computer tape conversions common place. It is very likely that you have excess retired and/or out-dated computer tape cartridges occupying valuable space in your data center. Their sheer existence represents potential security or compliance concerns.

Shred or Sell? In either case Mobile Data Shredding, Inc. will be of benefit to you. You can find more information regarding this program on our Shred or Sell section.