When it comes to destroying records at the end of their retention period, I’m guessing that most records managers and archivists will have a well-established program to ensure such records are destroyed securely. There are industry standards for secure destruction, including, for example, BS EN 15713:2009 Secure destruction of confidential material, and I know many of my colleagues destroy to this standard either in-house or via reputable vendors.
However, are you sure the same is true for electronic records? I don’t mean the deletion of expired records from network drives and backup tapes, but the physical destruction of storage media. A recent report from the Information Commissioner’s Office highlighted a big problem in this area. They asked a security company to purchase used hard drives, memory sticks and mobile phones from a variety of sources and identify the contents, if any. 48% of the hard drives still contained data, including 11% containing personal data, some of which could enable identity theft. Given that many large companies outsource removal and destruction of hard drives and the like to third parties, can we be sure that our data is actually being securely destroyed?