Data Destruction Standards

There are many different data destruction requirements and regulations in the United States. This patchwork of standards, guidelines, and regulations can make it difficult for organizations to understand what they are actually required to do. Below we have provided high-level guidance to help you get started. If you need more help, feel free to reach out!

Email: contact@mansfieldtech.us

The Privacy Act of 1974 laid the foundation that later regulations such as HIPAA, GLBA, and FACTA built upon. We will briefly discuss its history and how this law still shapes data destruction requirements today.

Most commercial organizations are given flexibility under NIST SP 800-88, which is guidance rather than a binding rule. It defines three levels of sanitization (Clear, Purge, and Destroy) and expects you to choose between them based on the confidentiality of the data and whether the media will leave your control. You still need to make "reasonable" sanitization decisions based on your organization's security needs, and to document them.

Healthcare providers are entrusted with highly sensitive and private information, and under HIPAA they face strict legal penalties if that information is disclosed, including through improperly disposed media.

Financial institutions need to protect customers' non-public personal information as well as the funds they hold electronically. The Gramm-Leach-Bliley Act (GLBA) and the Fair and Accurate Credit Transactions Act (FACTA) both impose data destruction requirements.

Those involved in law enforcement need to follow the FBI's CJIS Security Policy. Data breaches in this area can have serious consequences and put active investigations at risk.

Federal and private sector organizations entrusted with classified data need to follow the NSA/CSS Policy Manual 9-12 (Storage Device Sanitization and Destruction Manual). Data breaches in the Defense and Intelligence Communities are unacceptable and can be catastrophic.

CMMC and Data Sanitization

The Cybersecurity Maturity Model Certification (CMMC) introduced by the DoD requires contractors to have a plan for data destruction. Its requirements are drawn from NIST SP 800-171, which requires that system media containing Controlled Unclassified Information (CUI) be sanitized or destroyed before disposal or release for reuse.