Consumer privacy critical after store closure

cash register
It's critical for retailers to erase all personal data when closing down a store location.

With the abundance of store closures in 2017, one aspect that is often overlooked is the managing of unwanted tech hardware and servers. Retailers need to worry about safeguarding both corporate and customer data so that they can keep their reputation. 

“Closing a retail outlet entails much more than carting inventory away and informing employees of their termination. There are also data security implications. Point of sale terminals, administrative computers, networking gear, WiFi access points and often file servers all have to be disposed of properly. Any of these could contain customer information, credit card details in the PoS terminals and store financials in the servers," Richard Steinnon, chief strategy officer at Blancco Technology Group told FierceRetail. 

Steinnon says that the very first step when a store closes down is to ensure that that data is prevented from leaving the store inadvertently. This usually means most often an IT Asset Disposition (ITAD) company will be called upon to enter the facility, take an inventory of the assets and remove them. 

RELATED: 96% of consumers worried about privacy

Then the assets enter the ITAD facility and are immediately the data is sanitized. 

"Data sanitization is defined as the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. The retail operation then receives full reports of the devices that have been sanitized and is able to audit the entire process. Without this due diligence, a store closing could turn into a data breach nightmare," he said. 

A retailer should be aware of what type of data is housed in each store, such as the what's in the file server, the fax machines, the POS terminals, etc. 

Then, there should be a plan in place for capturing that data if needed and ensuring that the data is completely, securely and verifiably erased.

Finally, the equipment should be collected by a reputable IT asset disposition firm, which will provide the erasure service either onsite or after the retailer’s equipment is moved to its own secure facility. 

"All data should be secured before the store closing is announced to avoid employees doing a last-minute grab for any data they may feel is worth taking with them," Steinnon said. "In an ideal situation, the servers, employee laptops and other IT equipment would have been backed up already to prevent spoliation. As soon as equipment is not needed for its operational purpose, everyone should be locked out from accessing it."

He reminds retailers not to forget the Wi-Fi and security cameras. 

RELATED: Finding the line between personal and creepy

When it's time to clean up the data, Steinnon recommends retailers work with a third party. Data erasure is often done by an IT asset disposition company, which have large facilities set up for securely handling devices with sensitive data. These companies even often have  special vehicles that collect, label and even erase devices curbside. 

Finally, Steinnon reminds retailers that downsizing and store closures are often accompanied with bad feelings for employees. These "disgruntled employees" may look for ways to get back at an employer by leaking stolen data. 

"While some store closings are sudden and unpredictable, as in the case of bankruptcy proceedings, it is best to manage the closings through regular and transparent communications. But even so, retailers must always be cautious about protecting and erasing data when it’s no longer needed," he added.