by Xperien CEO, Wale Arewa
The world of compliance, approvals, standards and certifications can be confusing for those who don’t work in legal and compliance roles. For this reason, it is critical that data erasure products and service providers are certified.
Data is every company's biggest asset and that is why data protection should be a top priority for every business owner. Data protection is becoming more complicated as old electronics become redundant and new devices are added to the network.
Every business generates large amounts of data from numerous sources. This data needs to be protected and maintained according to many local and global laws and regulations. Similarly, data erasure needs to be executed according to strict industry guidelines.
Product certifications endorse a product’s effectiveness by subjecting it to independently validated quality and performance tests. Certification is the strongest possible indicator of the quality of the product and of the environment in which it was developed.
To earn a certification, service providers need to comply with specific industry standards and data privacy regulations. For example, the Protection of Personal Information Act (POPIA) is South Africa’s data protection law and regulates the usage and collection of personal data.
IT disposal has other legislative requirements as well, namely compliance with the National Environmental Waste Management Act 2008 (NEMWA 2008), the Consumer Protection Act 68 of 2008 (CPA) and the General Data Protection Regulation (GDPR).
Compliance affects everything from employee, supplier and third-party data to the systems that process it and how it is retained and destroyed. It includes the way personal information is stored, handled, processed and protected, as well as who has access to it.
According to legislation, businesses are required to manage the complete destruction of all data when IT assets reach end-of-life. These laws require IT asset managers to practise due diligence and ensure that the assets in their storerooms go through the expected data erasure techniques essential to protect company data.
Third-party validations are also important, perhaps even more important than certifications. These validations confirm that data erasure software works as the vendor stated it would. These third-party approvals and recommendations allow customers to trust that products have been verified externally.
For example, to prove data sanitisation, a data erasure solution must not only securely erase data, but also verify that erasure and produce an auditable, tamper-proof certificate of erasure to prove compliance with global regulations.
Data protection helps reduce risk and enables a business or service provider to respond quickly to threats. Compliance is fast becoming a competitive advantage. Customers don’t want to be put at risk. Data breaches and issues related to regulatory compliance, with their associated costs and loss of reputation, will have dire consequences for the businesses that suffer them.