A False Sense of Security

It’s been a busy time for data protection.

The accelerated growth in data privacy regulations such as the GDPR in Europe and CCPA (California Consumer Privacy Act), along with the increase in widely reported data breaches and the resulting fines, means that data privacy and security and regulatory compliance are high-profile issues that raise concerns for enterprise organizationsacross the globe.

Those growing concerns have pushed organizations to invest 10.5 percent more in security in 2019 than the previous year to protect the integrity of their data throughout its lifecycle. Gartner—the world’s leading research and advisory company—has also now placed data sanitization at the start of the upward “Slope of Enlightenment” in three of its reports—the Hype Cycle for Data Security, 2019; Hype Cycle for Privacy, 2019; and Hype Cycle for Endpoint Security, 2019.1

According to Gartner, these concerns—along with “the ever-expanding capacity of storage media and volume of edge computing and IoT devices—is making robust data sanitization a core C-level requirement for all IT organizations.” Data sanitization is no longer viewed as a “nice-to-have” element of a wider data management practice — it’s a necessity. Enterprises must have effective policies and processes in place to securely manage what happens to data stored on any device at its end-of-life, as well as procedures to sanitize data through life, to meet retention requirements and data minimization best practices. They must become data stewards.

Failing to ensure that devices are clear of customer, commercial, employee and other sensitive data leaves businesses open to potential breaches and noncompliance—both of which carry significant reputational and financial risks.

And yet, in our research carried out with Coleman Parkes into the attitudes and methods of data sanitization of 1,850 of the world’s largest enterprises, we found that a surprising and worrying 36 percent—more than one in three—are taking considerable risks with the way they sanitize data at end-of-life.