In a March 25 front page article in the Minneapolis / St. Paul Business Journal, it was revealed that sensitive records from a long-defunct tech company, including employee Social Security Numbers, payroll information, and medical records, were inadvertently auctioned off along with the filing cabinets they were stored in. In this instance, the story ends happily; the founder and former CEO of the company was able to purchase the records from the buyer and secure them. However, it’s not hard to see how this could have turned out for the worse.

So what should be done? In this case, the CEO was advised by his lawyers to retain certain files and so he simply held on to all of them. In all likelihood, he didn’t know exactly what needed to be kept and so he kept everything. While that may have seemed like a good idea at the time, failing to destroy everything except the key documents came back to bite the CEO a full decade after the company shut its doors. Because the data was outside the CEO’s control for a number of weeks, he is required by certain state laws to notify individuals that the security of their personal data has been breached.

While it may seem unnecessary on the surface, especially in this age of ever cheaper digital storage, a good data classification, retention, and destruction policy is of paramount importance to every organization. While your organization hopefully won’t go out of business any time soon, such a policy also helps to secure sensitive information during the course of regular business operations. The cost of a data breach is ever-increasing, both in terms of reputation and dollars, and no organization profits from losing sensitive personal data on its customers or employees. By properly classifying your sensitive data, you can apply controls more appropriately and efficiently. Also, always remember the rule of thumb for storage of sensitive data: if you no longer need it, get rid of it!