Secure decommissioning of confidential electronically stored information (CESI): A framework for managing CESI in the disposal phase as needed

Retention and disposal of confidential information by an organization requires diligence. Unfortunately, the current disposal methods of Confidential Electronically Stored Information (CESI) have resulted in many security breaches and violations of existing regulations. As financial & litigation risk, loss of consumer confidence and detrimental business reputation are realities of security breaches, the objective of this research is to propose a framework for processing of CESI securely, during the disposal phase, utilizing the “sandbox” methodology to process and sanitize CESI. This is achieved by introducing categorization of information groups and using a classification scheme to depict the level of confidentiality quantified by a “value portfolio”. The thresholds in the value portfolio enables organizations to establish clear and practical security policies in processing and disposing of ESI during the Information Life Cycle (ILC).