Secure Data Recovery: Privacy Protocols for Data Recovery
One of the most important things a data recovery company can offer its customers is peace of mind. Customers should sleep easy knowing that the company keeps their personal data private in a secure facility. Professional data retrieval service providers lay out and follow clear data recovery privacy protocols to keep your data safe—whether you’re a home user, a small business owner, a medical clinic or hospital, or a government agency.
How Safe Is Your Data in a Data Recovery Lab?
When it comes to data recovery, people can sometimes be leery about handing over their laptop’s hard drive filled with sensitive financial information, or their external hard drive filled with years upon years of family photos, or their phone. Understandably, we all have an aversion to people pawing through our stuff.
After all, when you need data recovery services for your computer, your phone, or your external hard drive, there’s going to be a person looking at your data. This is true no matter which data recovery service provider you send it to. It’s just an unavoidable fact of data recovery—there’s always going to be a human behind the wheel. That human is bound to see at least some of your data. At the very least, they must guarantee that the data they recover actually functions as intended.
What a Data Recovery Company Committed to Data Recovery Privacy Looks Like
- Employees who have gone through background checks and have been trained in IT security and safely handling sensitive data
- A facility that safely and temporarily stores customer data until the customer receives their recovered data
- A secure website where clients can view their case results without risking other people viewing their sensitive data
- Periodic internal and/or external facility audits to make sure their data recovery privacy protocols are up to snuff
When shopping for a data recovery service provider, you can get a good handle on how customer-friendly they are (and might learn about how good of a job they do to keep your data private) by checking them out on the Better Business Bureau.
The BBB rates businesses on an A-F scale, similar to the grading system used in schools. It both catalogs and helps to mediate customer/business disputes. For any given company, you can see whether they’re BBB accredited, what grade they have, and any history of disputes. Good companies will usually have few (or no) disputes. Any disputes they do have on their record will usually have been fairly and quickly resolved. A data recovery company with a good BBB rating will likely have no problem respecting the privacy of your data.
Our Data Recovery Privacy Protocols
When we work on a data recovery case, we create a “clone” of the data on the customer’s storage device. The clone lives on one of our internally-used hard drives. These drives never leave our facility under any circumstances or for any reason.
Unless a customer asks us to hold onto their data for longer and keep it archived for a few months in our facility, we completely erase their recovered data one week (five business days) after we’ve delivered their data. Once we’ve successfully zero-filled one of our internal customer data drives, it goes back into circulation. It goes on to store data for another case, and the process repeats itself. When a drive wears out, we break it down for spare parts.
All of Gillware’s employees are well-trained to keep our customers’ private and sensitive data safe. We perform background checks on all of our employees, from our customer service representatives to the data recovery engineers in our cleanroom lab. We lock down our facilities to prevent unauthorized access, and we keep a close eye on visitors to our lab. When we send a data recovery customer a list of files to view so they can see the results of our efforts, our secure case portal ensures that only they can see their case results.
For clients with even more stringent data recovery privacy requirements, especially large corporations with extremely sensitive proprietary data they need recovered, Gillware can agree to further non-disclosure agreements as needed.
Maintaining Secure Data Recovery Facilities with SOC 2
Assure Professional, an independent review group, audits a company’s operating procedures and rules according to rigorous standards. The Service Organization Control (SOC) 2 Type II audit gauges how well a company meets three “trust service principles”. These principles are security, availability, and confidentiality. Gillware’s data recovery facilities have been SOC 2 Type II audited. These audits ensure the safety and privacy of all our customers’ sensitive data.
HIPAA Privacy Standards and Data Recovery Privacy
Few industries are as concerned with privacy as the healthcare industry. Hospitals, clinics, and other organizations deal with an overwhelming amount of extremely sensitive data and ePHI (electronically protected health information). HIPAA (the Health Insurance Portability and Accountability Act of 1996) established guidelines for properly safeguarding this medical information.
Of course, healthcare organizations need data recovery services sometimes, too. When an IT disaster causes data loss, businesses and organizations in the healthcare industry need secure data retrieval providers with a commitment to HIPAA-compliant data recovery privacy.
When dealing with HIPAA-protected data from clients in healthcare, Gillware takes all appropriate steps to meet HIPAA-compliant data recovery privacy standards. We sign HIPAA BAA (Business Associate Agreement) contracts with healthcare industry clients. We keep a clear record of the chain-of-custody for every case in our data recovery lab that deals with ePHI. When we successfully solve a case, we transmit all recovered data with secure 256-bit AES encryption. This ensures that our data recovery process meets HIPAA standards for ePHI.
As it turns out, as long as the lab in question cares a lot about its customers, your personal information and sensitive data is very safe within a professional data recovery lab.