Don't overlook data destruction issues

Many people assume that Section 302 control requirements cover not only data storage but also data destruction. So as you retire old servers and other IT assets, you have to start worrying about how to securely destroy all the data. The last thing you want is for stray information to end up in the wrong hands--or in the news. Chances are you haven't thought much about this. Clearly, an ad hoc policy is dangerous in this era, so you may want to put together a firm policy. Most people say that true data destruction goes beyond hard-drive wiping. Some prefer to wipe hard drives and then deliver them to a third-party and actually witness the pulverization. Some firms will allow customers to watch the destruction remotely over various links. Some rely on "storm cases" to house the drives in transit. All this is worth thinking about--and it could be fun for the IT team.

For more:
- read this InfoWorld article