How to Dispose of Sensitive Documents
PCI Requirement 9.8.1 requires that you take two steps to securely dispose of sensitive documents:
- Shred, incinerate, or pulp hardcopy materials so that cardholder data cannot be reconstructed.
- Secure the storage containers used for materials that are to be destroyed.
Why do you need to use secure storage containers for materials that are going to be destroyed anyway? Secure storage containers prevent media from being compromised while it is being collected and before it is actually destroyed. An assessor will examine your storage containers during the assessment to verify that they are secure.
PCI Requirement 9.8.1 lists three specific ways to dispose of sensitive documents (shred, incinerate, or pulp) because these are the most secure, permanent methods. The PCI DSS explains, “If steps are not taken to destroy information contained on hard disks, portable drives, CD/DVDs, or paper prior to disposal, malicious individuals may be able to retrieve information from the disposed media, leading to a data compromise.” There are more ways to dispose of sensitive documents than shredding, incinerating, or pulping, but whatever method you use, the media must not be readable or reconstructible once the disposal process is complete.
PCI Requirement 9.8.1 requires that your organization shred, incinerate, or pulp hard-copy materials to render them unreadable. For a hard drive, sending it to a shredding company and obtaining a certificate of destruction may be appropriate. When you are done with media, whether it is printed material, tapes, or electronic media, there are many ways to destroy the information on it. The requirement is that you physically destroy the media so that it can no longer be read after the process is complete.
From an assessment perspective, we are going to look at those processes. If you are shredding material, degaussing it, or using a military-grade wiping tool, we will look at how you perform that step, and we may ask you to demonstrate it. Testing this requirement is not cut and dried: we need to ascertain that what you are doing actually renders the media unreadable.