With the emphasis in disaster recovery planning on safeguarding and restoring data, it may sound strange to talk about deliberate data destruction. After all, isn’t that the exact opposite of what DR teams in businesses are trying to achieve? However, like the yin and the yang of the universe, destroying data is a natural counterpart to safeguarding data. Not only can old or stale data confuse and pollute information searches, but it can also adversely impact the efficiency of DR and even expose companies to legal problems they could do without. The question is then not “if”, but “how” – how do you throw data out?
The first step, logically, is to know what you need to keep and what you need to junk. To take an example in each case, vital records meaning the information without which your firm cannot function have to be (very well) safeguarded, whereas information that has passed its “sell-by” date and which you are not legally required to keep is a candidate for the bin. An initial check with your legal department or counsellor is best in order to start sorting your data correctly. Good disaster recovery planning then also simplifies and minimises data retention where possible to maximise the chances of DR working properly when it’s needed.
When you’ve decided what stays and what goes, you’ll need to think about how it has to go. In some instances, overwriting the media on which the old data is stored is enough. In other cases, shredding, incinerating or hard reformatting is required. When you’ve made your choices, write up a data destruction plan that explains the choices and the processes. Keep it with your disaster recovery planning documents, so you can avoid having to recover from a possible disaster of having too much data, as opposed to having too little.