Data Sanitisation and Its Impact on Business Continuity

In data management, the way you delete information can be as important as the way you keep it. Confidential information that finds its way into the wrong hands can lead to loss of advantage over competitors, public relations crises or other threats to business continuity. However, that doesn’t mean wholesale destruction of data within an organisation: legal archival requirements exist for publicly held businesses. In addition, information is now a valuable asset for many organisations. But how do you manage its selective release or ‘sanitisation’? This is already a challenge for paper-based information; for digital data, the difficulty is greater still.

Take the example of a company business plan made with a word-processing application. The same document may be the basis of company operations, investor briefings, press announcements and even responses to court demands for information. However, not everyone will or should see the same information. One way to make information invisible in different versions of the document is to cover it up digitally with images or white space – just as paper documents are sometimes masked with typing correction tape or felt pens. The problem, however, is that the original information still exists in the document, and it may be possible to ‘peel off’ the digital image to look underneath.
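A pre-release check for the masking problem described above, as an added example that is not part of the original article: it searches every part of a document for confidential phrases that a cover-up has left behind. It assumes the file is a .docx (a ZIP container of XML parts); the function names, the phrases and the minimal sample XML are constructed for illustration and are not a complete Word file.

```python
import io
import re
import zipfile

def find_residual_terms(docx_bytes, terms):
    """Return {term: [container parts]} for each term still present in the file."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            raw = zf.read(name).decode("utf-8", errors="ignore").lower()
            # A phrase can be split across several text runs, so also search
            # the part with every XML tag stripped out.
            text = re.sub(r"<[^>]+>", "", raw)
            for term in terms:
                needle = term.lower()
                if needle in text or needle in raw:
                    hits.setdefault(term, []).append(name)
    return hits

def build_sample(parts):
    """Pack {part name: XML string} into an in-memory ZIP (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()

TERMS = ["Project Falcon", "margin 41%"]  # constructed confidential phrases

# Constructed "masked" version: one phrase sits under a drawing and is split
# across two runs, one is set in white text, and a reviewer comment repeats it.
MASKED = build_sample({
    "word/document.xml":
        '<w:p><w:r><w:t>Acquire Proj</w:t></w:r><w:r><w:t>ect Falcon</w:t></w:r>'
        '<w:r><w:drawing/></w:r>'
        '<w:r><w:rPr><w:color w:val="FFFFFF"/></w:rPr><w:t>margin 41%</w:t></w:r></w:p>',
    "word/comments.xml":
        '<w:comment><w:p><w:r><w:t>Check Project Falcon numbers</w:t></w:r></w:p></w:comment>',
})
# Constructed sanitised version: the text itself was removed, not covered.
CLEAN = build_sample({
    "word/document.xml": '<w:p><w:r><w:t>Acquire [removed]</w:t></w:r></w:p>',
})

if __name__ == "__main__":
    for label, doc in (("masked", MASKED), ("clean", CLEAN)):
        print(label, find_residual_terms(doc, TERMS))
```

An empty result covers only the text stored in this one file; it says nothing about earlier copies of the document left on the storage medium.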

So how about simply making a separate version of the document and deleting the data as necessary? While on the surface this appears to work, computers don’t always truly delete data. The original version of the document may be recoverable in a number of ways. One way is to search the computer storage medium for data which the computer has simply marked as no longer required (and so available to be overwritten), but which still exists in part or in whole. In short, if you really want to sanitise data, you should at least make sure you actually overwrite it with another, completely different (and non-confidential) file, or use one of the other advanced sanitisation methods available, such as ‘gibberish generation’ or encryption.