973.823.9752

Financial Services

Secure Data Destruction for Financial Institutions

Protect Customer Data.
Meet Regulatory Requirements.
Reduce Vendor Risk.

Financial institutions operate under some of the most stringent data privacy and information security regulations in the world. From the Gramm-Leach-Bliley Act (GLBA) and PCI DSS to FFIEC guidance and OCC third-party risk management requirements, banks, credit unions, mortgage companies, and financial services organizations are expected to maintain strict control over customer information throughout its entire lifecycle—including final disposition.

When hard drives, SSDs, backup tapes, mobile devices, servers, and payment card equipment reach end-of-life, the responsibility for protecting the sensitive data they contain does not end. Organizations must ensure that data is securely destroyed, documented, and managed through a verifiable chain of custody.

Back Thru The Future® provides secure, compliant, and fully documented data destruction services designed specifically for the financial services industry.

Why Secure Data Destruction Matters in Financial Services

Financial institutions routinely store highly sensitive information, including:

  • Non-Public Personal Information (NPPI)
  • Customer financial records
  • Payment card data
  • Loan and mortgage records
  • Employee information
  • Internal financial and operational data

Failure to properly destroy retired data-bearing devices can expose an organization to regulatory penalties, legal liability, reputational damage, and data breaches.

Regulators increasingly expect organizations to demonstrate not only that data was destroyed, but that the destruction process was controlled, documented, and performed by qualified service providers.

FREQUENTLY ASKED QUESTIONS  

What is the most secure method of data destruction for financial institutions?

Physical destruction through certified shredding is widely recognized as one of the most secure methods for permanently destroying data-bearing devices, including hard drives, SSDs, and mobile devices.

Does GLBA require secure destruction of customer information?

GLBA requires financial institutions to protect customer information throughout its lifecycle. Secure destruction of obsolete data-bearing devices is an important component of maintaining compliance.

What documentation should a bank receive after data destruction?

Organizations should receive destruction certificates, chain-of-custody records, asset inventories, and environmental disposition documentation.

How should a financial institution evaluate a data destruction vendor?

Vendor evaluations should consider certifications, regulatory experience, security controls, chain-of-custody procedures, audit documentation, environmental compliance, and experience serving financial institutions.

The Growing Importance of Vendor Due Diligence

Cybersecurity leaders consistently identify third-party vendors as one of the greatest sources of organizational risk.

The secure destruction of retired IT assets requires more than simply shredding devices. Financial institutions must verify that their vendors possess the certifications, operational controls, security procedures, and regulatory experience necessary to protect sensitive information.

Key vendor qualifications should include:

  • Secure chain-of-custody procedures
  • Auditable asset tracking
  • Documented destruction processes
  • Industry certifications
  • Environmental compliance credentials
  • Experience serving regulated financial institutions

The right vendor becomes an extension of your organization’s security and compliance program.

Regulatory Requirements Driving Secure Data Destruction Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act established federal requirements for protecting customer financial information. Financial institutions must implement safeguards to protect sensitive data and ensure that service providers maintain equivalent levels of security.

When obsolete data-bearing devices are removed from service, organizations must ensure that customer information is permanently destroyed and that records are maintained to demonstrate compliance.

1

OCC Third-Party Risk Management

The Office of the Comptroller of the Currency (OCC) requires financial institutions to conduct due diligence on third-party vendors that have access to sensitive information or support critical business functions.

OCC Bulletin 2013-29 specifically emphasizes the importance of evaluating:

  • Vendor qualifications
  • Security controls
  • Regulatory compliance
  • Operational capabilities
  • Experience serving regulated industries
  • Ambulatory care facilities
  • Research institutions

Selecting a qualified data destruction provider is a critical component of vendor risk management.

2

PCI DSS Compliance

Financial institutions that process, store, or transmit payment card information must comply with the Payment Card Industry Data Security Standard (PCI DSS).

PCI DSS requires organizations to protect cardholder information throughout its lifecycle and to properly manage devices that store, process, or collect payment card data.

This includes:

  • Hard drives
  • Solid-state drives (SSDs)
  • Servers
  • Payment terminals
  • Card readers
  • Point-of-sale equipment

Any third-party provider involved in handling devices containing cardholder data must maintain appropriate security controls and compliance documentation.

Why Financial Organizations Choose Back Thru The Future®

1

Proven Healthcare Experience

Back Thru The Future® supports healthcare organizations ranging from community hospitals to nationally recognized healthcare systems and insurance organizations.

Our healthcare client experience includes:

  • Multi-hospital health systems
  • Specialty hospitals
  • Healthcare insurers
  • Regional healthcare networks
  • Physician groups
  • Ambulatory care facilities
  • Research institutions

Healthcare organizations rely on us because we understand the unique compliance and operational requirements associated with regulated healthcare environments.

2

Secure Chain of Custody

Every asset movement is documented and auditable.

Our chain-of-custody process provides:

  • Serialized asset tracking
  • Secure transportation
  • Controlled processing environments
  • Documented custody transfers
  • Destruction verification
  • Audit-ready reporting

The result is complete visibility throughout the asset disposition lifecycle.

3

Compliance Library™

Our proprietary Compliance Library™ gives healthcare organizations centralized access to critical compliance documentation and disposition records.

Documentation includes:

  • Certificates of environmental compliance
  • Certificates of destruction
  • Asset inventories including weights
  • Chain of custody documentation
  • Project quotes
  • Project invoices
  • Copies of relevant project emails

This allows compliance teams, information security leaders, auditors, and asset managers to access documentation whenever it is needed.

4

ServiceNow Asset Management Integration

Healthcare organizations increasingly require tighter integration between asset retirement workflows and enterprise asset management platforms.

Back Thru The Future® can support ServiceNow asset tracking workflows by enabling organizations to:

  • Improve asset retirement visibility
  • Enhance lifecycle management reporting
  • Support CMDB accuracy
  • Track asset disposition activities
  • Streamline audit preparation
  • Improve governance over retired assets

This capability helps bridge the gap between operational asset management and compliant asset disposition.

Secure Data Destruction Services for Banks and Financial Institutions

Back Thru The Future® provides secure destruction services for virtually all forms of data-bearing equipment and media, including:

1

Data Media Destruction

  • Hard drive shredding
  • SSD destruction
  • Backup tape destruction
  • Optical media destruction
  • Flash media destruction
  • USB drive destruction
  • Mobile phone destruction
  • Tablet destruction
2

IT Asset Disposition (ITAD)

  • Server decommissioning
  • Storage array deinstallation
  • Network equipment disposal
  • ATM and branch technology retirement
  • Payment terminal destruction
  • Card reader destruction
3

Onsite Destruction Services

For organizations requiring maximum control and visibility, our mobile destruction services perform destruction at your facility while maintaining documented chain-of-custody controls.

Safe Harbor Express®: Simplifying GLBA Compliance

Managing obsolete data-bearing assets internally is time-consuming, labor-intensive, and often inconsistent.

Safe Harbor Express® (SHE) was developed specifically to help financial institutions simplify secure data destruction while improving compliance and audit readiness.

This annual service program provides:

  • Scheduled secure pickups
  • Onsite destruction options
  • Asset tracking and documentation
  • Chain-of-custody controls
  • Destruction certificates
  • Environmental disposition records
  • Simplified budgeting
  • Reduced administrative burden

By replacing ad hoc disposal practices with a structured, repeatable process, financial institutions gain stronger security controls and more consistent compliance documentation.

Documentation That Supports Compliance

Financial institutions require more than destruction—they require proof.

Every project is supported by comprehensive documentation designed to satisfy internal audit, compliance, legal, and regulatory requirements, including:

  • Certificates of Destruction
  • Serialized asset tracking
  • Chain-of-custody records
  • Project inventories
  • Environmental disposition certificates
  • Audit-ready reporting

These records provide documented evidence that sensitive information has been properly destroyed and that retired assets have been managed in accordance with regulatory and environmental requirements.

Why Financial Institutions Choose Back Thru The Future®

Founded in 1990, Back Thru The Future® is one of the oldest continuously operating computer recycling and secure data destruction companies in the United States.

For more than 35 years, we have provided secure destruction and IT asset disposition services to banks, credit unions, financial institutions, and highly regulated organizations throughout the Northeast.

Our qualifications include:

  • NAID AAA Certified Secure Data Destruction Provider
  • R2v3 Certified Electronics Recycler
  • New Jersey DEP Class D Licensed Electronic Recycling Facility
  • Federal EPA Universal Waste Electronics Processing Destination Facility
  • PCI DSS Third-Party Compliance Experience
  • Over 35 years serving regulated industries

Our clients range from community banks and regional financial institutions to some of the nation’s largest banking organizations.

Secure Data Destruction Designed for the Financial Services Industry

Protecting customer information does not end when equipment reaches end-of-life. Financial institutions need a secure, auditable, and compliant process for destroying obsolete data-bearing assets while satisfying regulatory requirements and reducing third-party risk.

Back Thru The Future® delivers secure data destruction, hard drive shredding, SSD destruction, device destruction, and IT asset disposition services backed by over 35 years of experience serving regulated financial institutions. Through documented chain-of-custody controls, certified destruction processes, and comprehensive compliance reporting, we help financial organizations securely retire technology assets while protecting customer information and maintaining regulatory compliance.

100%

of our client quality control survey rate both our pre-project and post-project communications as “Excellent”

92%

of our new client quality control surveys have been returned marked “Exceeded Expectations”