Chapter 25: Data Security and Privacy Practices
Data Destruction / Media Sanitization
FIPS-compliant wiping (digital media)
DBAN
Eraser
Burning (paper and digital media)
Shredding (paper and yes, drives)
Pulping (paper)
Pulverizing (drives)
Degaussing (media and drives)
Purging (data)
Certificate of Data Destruction
Data Sensitivity Labeling and Handling
US Government Standard Labels
Confidential
Secret
Top Secret
Other Labels / Standards
Private
Public
Proprietary
PII
PHI
Data Roles
Owner
Steward / Custodian
Privacy Officer
Data Retention
What must be kept
How long
Laws and Regulations
HIPAA
HITECH
Fair Credit Reporting Act
FTC Disposal Rule
FOIA