Part 2 of 5: In this series, we’re exploring how to maintain compliance with the MPAA Content Disposal Guidelines.  Part two takes a close look at proper procedures for handling hard drives before they hit the scrap bin.  To begin the series, MPAA Content Security: Media Destruction provided an overview of the guidelines and their impact on your entertainment industry business.

Compliance with MPAA Content Disposal Guidelines

As a post-production vendor in the media and entertainment industry, you understand that you’re being held to increasingly strict standards when it comes to content disposal and digital security.  In an effort to create industry-wide best practices, the Motion Picture Association of America, Inc. (MPAA) established the MPAA Content Security Program.

Safely handling client digital media assets continues beyond the last rendering, upload, or click of the send button.  Even after you’ve sent the final project to the client, you are responsible for properly handling the digital assets stored on your hard drives.  PS-16.0 of the MPAA Content Disposal Guidelines outline proper procedures for handling those drives before the actual certified hard drive destruction can take place.

Step 1: Understanding PS-16.0 of the MPAA Content Disposal Guidelines

Every CISO, CIO and IT Manager knows that there’s a period of time between the decommissioning of a hard drive and the date of its secure destruction.  Whether it’s hours, days, or weeks, this period of time poses a security threat where the client’s digital media assets are at risk of being mishandled and/or stolen.  The MPAA handles this period of time by outlining initial security procedures to be implemented prior to storage.

PS-16.0 of the MPAA Content Disposal Guidelines:

Require that rejected, damaged, and obsolete digital media stock containing client intellectual property assets are erased, degaussed, shredded, or physically destroyed before disposal.

As the first step in the data disposal process, PS-16.0 highlights the importance of damaging, overwriting, or sanitizing hard drives before placing them in the scrap bins, where they’ll await highly secure hard drive destruction.

The Guidelines suggest considering the U.S. Department of Defense 5220.22-M Wipe Standard for this stage of the process.  While this standard is no longer seen as an adequate replacement for secure hard drive destruction, it does provide an important initial level of security by preventing software-based file recovery methods from lifting information from the drive.

All of the large film studios, such as Warner Bros. and Sony, will audit their post-production vendors following a project to ensure compliance with their content security standards.  Therefore, PS-16.0 also suggests implementing processes for tracking the hard drives and digital media assets through the destruction process.  This tracking should include information on how your studio damaged the drive or wiped the date prior to storage in the scrap bin.

Explore the Industry’s Most Reliable Certified Hard Drive Destruction Service

Whether you’re concerned about compliance with the MPAA Content Security Program or simply want to show your clients that you take the protection of their intellectual property data seriously, it’s important to partner with a certified hard drive destruction company.

At E-Waste Security, our certified hard drive destruction and IT asset disposition company provides trusted service to large and small post-production companies throughout Los Angeles, Orange County, and Santa Clara County.  Our onsite data destruction and hard drive shredding service is NAID Certified and compliant with PCI DSS, HIPAA, and GLBA. We provide full-service IT Asset Disposition (ITAD) services including the purchase, removal, and recycling of computer equipment to provide our clients with a convenient solution for their decommissioning projects.

Contact Us Today for a quote.