T 2.81 Ineffectual destruction of data media during archiving

Archive systems on their own, including their storage media, normally do not provide any access protection for the stored data. This function is assumed by the superior document management system (DMS) instead. If archiving data media can be accessed outside of the archive environment (archive system and DMS), it must be assumed that everybody able to read the medium can access the stored information.

The process of copying archived data to new data media entails a particularly high risk of old, no longer used archiving media that are not destroyed properly or completely being misused to gain information.

Even for data archived in an encrypted manner, improper destruction of data media may constitute a problem, since the security of cryptographic algorithms can only be guaranteed for a limited time (see T 4.47 Obsolescence of cryptographic procedures). Therefore, one-time encryption does not provide for permanent protection against the misuse of data.