When we ponder compliance and data retention, we think mainly of how to properly store per all the FRCP and other regulations. We do not often think about the disposal of assets--which might be a mistake because proper disposal is an issue that can crop up in surprising ways.

We've noted the risks associated with the disposal of office machines. The hard drives of copiers, printers and faxes are hardly secure and loom as treasure troves for data thieves. It's unclear to what extent information from these drives has actually been exploited. But enterprising thieves will stop at nothing.

More conventionally, executives are thinking about destroying data on old computers when it is no longer necessary to store it. A recent survey found that nearly three quarters of respondents say the issue is "extremely important." About 65 percent say their organization destroys the data internally rather than relying on a vendor. This was achieved most often by drilling, shredding or breaking, followed by overwriting and then degaussing.

Savvy to these issues, IBM has just bolstered its risk management software portfolio this month by buying PSS Systems, a provider of information governance software that in part aims to "to minimize their legal risk by disposing of potentially legally damaging information as soon as they are allowed to." Most companies want to hang on the records per the rules, but they also want to destroy as them as soon as possible. All in all, it's worth pondering the destruction of data via a very broad lens.

Related Articles:
Overlook VoIP compliance issues at your peril
Gartner: Security IT spending holding firm
Drilldown: Section 7 of PCI-DSS
The most effective anti-fraud tools?