As part of Data Privacy Week, Eric Dorn, SVP and General Manager, Sipi Asset Recovery, shares the single most common data security disconnect he witnesses almost daily. And it’s keeping him up at night.
“Data in transit risk is a critical problem that needs to be addressed! Specifically, equipment and devices moving from one customer’s facility to another facility or to disposition. For National Data Privacy Week, I recommend a thorough review of your end-to-end transit chain of custody process.
Oftentimes we (Sipi Asset Recovery) receive gaylords, pallets, or a truckload of devices and equipment that were accumulated and packed over several weeks or months. This equipment and/or devices arrive without a scanned serial number list and rarely an itemized quantity which makes it virtually impossible to verify. Ironically, the shipper includes very specific disposition instruction to prevent a data breach, once the equipment and/or devices have reached their designated location but has not addressed the significant risk arising from a lack of oversight of secure tracking and handover of valuable, possibly data-laden IT equipment.
The terrifying and real problem is this: if the shipper does not know exactly what they have shipped, there’s no way that their job can be verified before processing. This gives ample and widespread opportunities for a data breach to occur due to a lack of accountability at every step: storage, packing, loading dock, warehouse staff and logistics (to name a few). Additionally, the lack of verified data destruction (shred, wipe, degauss) or encryption before loading amplifies the data security challenge. If a single device, or worse, a pallet or a box of multiple devices, goes missing, how do you know what is missing and the liability involved?
A comprehensive chain of custody control process resolves this significant vulnerability in data custody. Detailed serial # scanning, packing, and shipping on the front end and signatures as shipments change hands will completely remove ambiguity and close that very real gap in IT asset tracking and data risk. At Sipi Asset Recovery, because we scan and verify upon receipt, we know immediately if something is missing and exactly what that missing device is.
For Data Privacy Week, protect the privacy of all your customer and company data with the winning combination of secure onsite data destruction and/or encryption for all devices and a secure chain of custody process. No matter how large or small the shipment, the process should include barcode scanning and inventory as you pack and ship and signature verification at every handoff to the carrier. With a strict chain of custody process that is adhered to, you’ll significantly reduce the opportunity for an accidental or nefarious data breach and keep your brand reputation intact.
I welcome anyone to reach out to me for guidance on a chain of custody process that includes all their vendors, partners, and staff. We can work together to stop data from getting into the wrong hands and I’ll be able to sleep at night.”
Eric participated in a series of Data Privacy Week articles posted by Guardian Data Destruction, see the rest of the articles here.