Data Disposal and Deletion Procedure Template | Data Governance Framework

by Poorva Dange

The Data Disposal and Deletion Procedure Template incorporates oversight and enhanced policies to manage, secure, monitor, dispose of, improve, and protect an organization’s data. It provides a comprehensive strategy and policy direction for ensuring operational efficiency and data compliance, and in performing organizational business functions. As part of normal organizational activities, an organization gathers information from different sources and creates records of organizational data in volumes that can be stored physically, electronically, or both. Although some data has to be stored, retaining data excessively can unnecessarily use up physical and electronic storage areas.

Data Governance Framework - Data Disposal and Deletion Procedure

Options To Dispose of Physical Files

For sensitive information kept in a physical format such as paper, the company will make sure that obsolete documents are disposed of in the following ways:

1. Incineration: The recommended method will be to burn the paper until it is reduced to ash and the ash is disposed of in a dump.

2. Shredding: A shredding device will be used to cut the paper in a manner that will not allow the pieces to be reconstructed easily. If shredding is the method employed, shredding machines which slice paper into strips will not be used, because those strips can be turned back into documents. Instead, shredding machines with cross-cut or confetti features will be used, because such machines are capable of rendering the paper into so many pieces that recovery of information is impossible.

3. Pulping: Paper will be mixed with water and some other chemicals to help disintegrate it before it is put through the recycled paper process.

Where physical data disposal is outsourced, the owners will ensure that third-party service contracts contain the terms and conditions needed to meet the requisite legal obligations and that the aforementioned methods of physical data disposal are provided.

Disposal Methods for Detached Electronic Media 

For sensitive data stored on removable electronic media or on hard disks, CDs, DVDs, USBs, or databases, the organization will make sure that media of these types which are no longer needed are properly disposed of through these methods:

Clearing or Overwriting Data: These data-clearing techniques will be applied to standard storage devices. They include setting the data to a new value or, for a device on which writing is not possible by any mechanism, resetting it to its original state, or using a secure wipe or secure delete option. This approach will be used for public or in-house data which is not sensitive.

Purging Data: These are techniques, both constructing and reconstructing, that are actively performed to render the data null. They include a variety of methods such as degaussing, cryptographic erasure, or even purposive splintering. This advanced technique of data purging will be reserved for restricted and confidential data.

Disposal Method Decision Making and Disposal Verification

1. Disposal Method Decision:

An organization should commit a data disposal risk assessment team that includes IT Security, Risk Management, Legal, IT teams, and the Chief Data Officer. When security analysis determines which data must be disposed of and for how long, an appropriate disposal timeline needs to be set up. Upon finishing the risk evaluation and choosing how to handle the data, the data owner prepares a documented process, with the needed resources, to make the disposal happen successfully. The disposal member, whether from the team or from a third party, maintains accurate records of the data disposal work. An automatic documentation tool will serve to enhance overall efficiency.

2. Disposal Verification:

When the disposal ends, it must be confirmed that the process used the security methods and levels written in this document. The team will check final disposal completion for sensitive and limited information. The team will check a sample set of monthly disposed internal and public data for verification purposes. IT security and designated IT personnel will conduct the verification on behalf of the system owners, and the results will be communicated to the data owners. Should any problems occur, the data owners will address them directly, or the issue will be brought to the attention of the Data Governance Council and CDO for additional resolution.


An Effective Disposal and Deletion Plan Contains These Basic Factors

  • Data Classification and Scope Definition

Effective disposal starts by stating which data needs to be erased and finding all organizational system areas where it exists. Organizations need to decide their data categories for both electronic and physical files, then place them into sensitivity groups (classified, sensitive, unclassified). Organizations can use this scheme to choose disposal resources first and then pick the right data wiping method for each information type on different storage media.

  • Retention Schedules and Disposal Triggers

Retention guidelines explain how long different data types should be kept before they are destroyed, striking a balance between saving money and fulfilling organization standards and operational needs. Organizations need to set official periods for which they must keep data according to department and legal rules. Retention schedules need to follow rules and internal periods to keep essential information.

  • Deletion Methods and Techniques

The procedure must state which deletion methods are suitable for each kind of stored data. Most media systems require a specific destruction process, such as using magnets on hard drives, breaking SSDs physically, and using a shredder for flash drives. Basic delete commands do not fully erase data, which forces businesses to choose from advanced techniques, including data overwriting and manual destruction.

  • Documentation and Verification Requirements

All organizations need complete records to handle their data disposal work. Organizations need to write detailed records explaining their sensitive-data destruction practices in line with their established rules. Companies maintain records showing that they met legal rules when they destroyed data. Their staff can use these documents to handle the disposal work.

Summary

The data disposal and deletion procedure covers the disposal of physical files containing sensitive information, the methods of disposal for detached electronic media, and the basic factors for an effective disposal and deletion plan.