What costs would your company face if your sensitive data or your customers’ sensitive data were to fall into the wrong hands? Risk managers take the threat of a data breach very seriously because the costs for remediating a breach can be astronomical. In some cases, a company may never fully recover from a data breach. Among other costs, when a company suffers a data breach, it must pay for:
- The recovery of lost data.
- Legal fees and the cost of paying off lawsuits and settlements.
- Regulatory fines.
- Notifications and purchase of credit monitoring services.

These costs are in addition to whatever decrease in value or sales your company would suffer from a loss of customer or investor confidence in the wake of a data breach.
IT Asset Disposition: One Possible Source of Data Breach
One possible source of a data breach is IT asset disposition (ITAD), the process through which your company disposes of its unused IT equipment. This could occur when a hard drive or other piece of storage media reaches disposition—resale, for example—before the data stored on it has been properly or completely removed. Hard drives need not be physically destroyed to protect against a data breach. Proper data sanitization—overwriting the data stored on a drive so that it can no longer be recovered—is a reliable and industry-recognized method for destroying data without destroying hard drives. For that reason, companies concerned about the risk of data breach often choose to partner with data erasure vendors that have been certified for proper data sanitization practices by a third party like the National Association for Information Destruction (NAID). Besides NAID certification, another criterion you should require from your data sanitization or ITAD vendor is that it holds data breach insurance.
What about Data Breach Insurance?
As data breach claims have increased across many industries, including IT asset disposition, there has been a shift in the insurance coverage available and in how that coverage (and the insurance carrier) responds in the event of a breach. The best policies provide data breach coverage on a first party basis. First party coverage means that the ITAD vendor, as the insured on the policy, is the entity opening/making the claim against the insurer in the event of a breach or privacy related loss. What does that mean to the vendor, and just as importantly, the client? Well, if there is a potential breach, the policy (assuming comprehensive coverage) can help with crisis management, public relations, notification and credit monitoring offers to potentially affected parties, forensics, and a whole lot more. There are lots of different insurance products available to ITAD vendors with varying levels of coverage and applicability. Comprehensive, user-friendly policies and coverage do exist and can be purchased by an ITAD provider, which gives everyone more protection and peace of mind.
Ask your ITAD or data sanitization vendor if it holds data breach insurance. Similar to certification, when a vendor holds data breach insurance, it demonstrates that the vendor is committed to reducing risk for the companies with which it partners, and has the financial stability and sound processes to back it up.
A Complete Guide for Minimizing the Risk of IT Asset Disposition
Looking for data breach insurance and a certified data sanitization process are two strategies companies should be using to reduce the risk of their IT asset disposition process. Our free white paper for risk managers, “A Guide to Minimizing the Risk of IT Asset Disposition,” discusses several others.