Enterprises struggle to implement data sanitization policies

Despite recent legislation placing greater emphasis on privacy and data protection, a new study of data sanitization policies reveals that in many cases there’s a gap between policy and execution.

The study of more than 1,800 senior business leaders by Blancco Technology Group reveals that although 96 percent have a sanitization policy in place, 31 percent have yet to communicate it across the business and 20 percent don't believe their organization's policies are finished being defined.

In addition 56 percent have a data sanitization policy in place that's not being effectively communicated across the full company on a regular basis, increasing the potential for breaches.

"The lack of robust data sanitization policies across global enterprises is alarming," says Fredrik Forslund, vice president, enterprise and cloud erasure solutions at Blancco. "If they fail to formulate and communicate these policies effectively, at every stage of the data lifecycle, they risk putting significant amounts of potentially sensitive data at risk. It is vital they put processes in place, with clear ownership, and auditability for control, assigned to their senior leadership team to mitigate these risks."

Particular issues are that 22 percent of employees are responsible for the management and control of their own end-of-life IT equipment when they leave an organization. Another 22 percent place this responsibility with their line manager.

Old equipment is frequently left languishing in storage too, 87 percent of global enterprises admit not sanitizing assets as soon as they reach end-of-life, while 31 percent report taking more than a month to sanitize these devices. 34 percent sanitize old equipment offsite via a third-party provider, which is not a bad thing provided the contractor maintains a detailed audit trail.

Other findings are that 40 percent believe contractors and freelancers are the least likely to understand or comply with their data sanitization policy.

There's not only a lack of clear ownership around the implementation of data sanitization policies but also a lack of accountability around how enterprises are complying with them. The responsibility is spread across different job roles including the head of compliance (30 percent), head of IT operations (15 percent), head of operations (14 percent), head of legal (11 percent) and data protection officer (nine percent), leaving enterprises open to compliance breakdown and fines.

There's more detail in the full report which you can get from the Blancco site.

Photo Credit: Amy Walters /Shutterstock