Data Security Risk, Compliance and Cost – A Balancing Act in Corporate America

July 5, 2016 at 9:51 am by SEM

Ever wonder how private industry balances the need to make profit with the escalating costs of managing data risk and privacy law compliance? Who has the power, the CFO who watches profitability, the CSO who controls security or the Risk Manager who looks at the potential liability?

It is a daunting task to try and measure the potential liability of a privacy breach. The CSO will tell you that it makes most sense to be proactive through the development of programs and processes that protect the data. While these upfront investments are significant, they pale in comparison to the potential liability costs resulting from a law suit. The CFO will argue that it’s just too costly to implement the comprehensive program that is requested by the CSO and the Risk Manager is hovering above them both with doomsday scenarios. So who’s right?

There doesn’t seem to be one answer to fit all. Most of what you read today concerns cyber security programs and various tools to protect electronic data. But what happens when the stored data is no longer needed? A good physical destruction program can remedy this dilemma.

Shred Service vs. In-House Program

Many companies look to shred service companies to provide on-site shredding services. While these services can be effective, they are typically designed for the destruction of paper. But as we all know, most of the data resides on electronic media, such as back-up data tapes, hard disk drives and other similar media. As such, the on-site shred service must be able to provide an effective service that includes the ability to destroy this type of media. This can get very costly.

A more secure method of destroying electronic media is to simply do it yourself. It’s always more effective if you have control of the process. At SEM, we offer a wide variety of information destruction and sanitization solutions for virtually every form of media. These systems are designed for low volume office or high volume warehouse environments.

So how does corporate America determine what’s best? How do you measure the cost of a shred service against an in-house solution and factor in the overall potential risk?

To determine the best cost the CFO can do a simple Return on Investment (ROI) calculation, capital purchase vs. monthly shred service expense. The CSO should measure the most effective method of discarding the information, in-house control vs. reliance on a third party service and the Risk Assessment Manager should be answering the old Midas Muffler question of pay me now or pay me “big time” later.

No one answer is right or wrong. We have seen companies implement a complete control program by implementing a comprehensive in-house program that includes paper shredders and hard drive shredders and other media destruction systems. Others simply contract with third party on-site or off-site shred services while others have executed a hybrid of both. It’s purely up to the corporate culture and in many cases; it is the manager who makes the strongest argument within the company that typically wins out. It almost sounds like the start of good story – a CFO, CSO and Risk Manager walk into a bar. One says to the other……….

If you are looking for an in-house solution, give us a call at 800-225-9293 or contact us at and let our consultative sales personnel provide some suggestions to best meet your financial, risk and security goals.

Explore More