Data wiping and HIPAA/HITCH
-
@scottalanmiller so you think shredding the hard drive is over kill?
-
@technobabble said:
@scottalanmiller so you think shredding the hard drive is over kill?
I generally think nearly everything that companies do like this is overkill. HIPAA does not require anything that drastic and common security practice does not either. IF the drive can do DBAN or Obliterase, I think that that is plenty and far better for the bottom line (resell drives) and the environment (not throwing away good technology when you don't have to.)
Your risk is not people randomly looking at the drives, you protect against that with software and selling through a third party. You worry about targeted attacks. Don't set yourself up for those and then anything like shredding is way over the top.
Security is all about making it unreasonable to get the data, once you pass that threshold there is not much value to additional security.
-
@scottalanmiller Thank you very much. Never did get a call back from the Shredding company.
-
No problem. De nada.
-
@technobabble said:
@scottalanmiller so you think shredding the hard drive is over kill?
@scottalanmiller said:
I generally think nearly everything that companies do like this is overkill. HIPAA does not require anything that drastic and common security practice does not either. IF the drive can do DBAN or Obliterase, I think that that is plenty and far better for the bottom line (resell drives) and the environment (not throwing away good technology when you don't have to.)
I shred drives because there is already a fee for paper shredding and there is no extra charge. It saves way more time than it takes to setup and manage a machine to run DBAN or Obliterase.
If there is nothing already in place, then I usually go the DBAN route.
With old servers, there is almost no resale value in the drives themselves. They are going to be too small for what most people want to do today. I can buy a 1-2TB SATA drive for less than $75 generally. Why would I want your old drives?
-
-
