Data wiping is an important part of a businesses information security program. For those in compliance with federal regulations and have a Written Information Security Program (WISP) it likely includes the procedures and processes for data wiping and scrubbing of files, directories, partitions and storage devices. Personally Identifiable Information (PII) is most often stored on digital media. Payment Card Information (PCI) is also likely to be stored on your drives. Due to the sensitive nature of this data one must destroy storage media properly. They must do so to be in compliance with federal and state laws. While the law mandates the proper destruction of data storage devices it is left unclear as to what constitutes “proper”. This article attempts to define a process that meets and exceeds what is expected by regulators.
