Whether you are dealing with paper, CDs, credit cards or USB sticks, the procedure for the secure destruction of personal data on all types of media nearly always contains the terms “security levels” and “protection classes”, according to ”eu.hsm.eu” .
What is ISO/IEC 21964 (DIN 66399)?
Over the last few years, the requirements regarding data protection have become stricter and stricter. In the meantime, moreover, digital data carriers such as USB sticks, CDs and hard drives have become part of our daily lives.
For this reason, the standard ISO/IEC 21964 (DIN 66399) “Office and Data technology – destruction of data carriers” was drawn up. It is the new standard for the correct destruction of data and also deals with the particular characteristics of digital data carriers. DIN 66399 categorizes the security levels into 6 media categories: hard drives (H), optical media (O), magnetic data carriers (T), electronic data carriers (E), information in reduced format (F) and information in the original size on paper (P).
Which Security Levels are there for Paper & which one is needed when?
There are a total of 7 security levels for paper, each with their respective requirements. To put it simply: the higher the number after the “P“, the finer the paper is shredded by the document shredder. That means that the smaller the particle size or strip width of the shredded paper, the higher the security level and therefore the more difficult it is to reconstruct the information.
- Suitable for general documentation such as catalogues, brochures
- Strip width max. 12 mm
- Shreds an A4 document into approx. 17.5 strips
- Easily possible to reconstruct the information
Security level P-2
- Suitable for internal information such as old instructions, travel guidelines, notices
- Strip width max. 6 mm
- Shreds an A4 document into approx. 35 strips
- Possible to reconstruct the information with a certain effort
Security level P-3
- Suitable for sensitive and confidential as well as personal data such as turnover analyses, offers with personal address data
- Particle size max. 320 mm²
- Shreds an A4 document into approx. 194 particles
- Data reconstruction only possible with considerable effort
- Suitable for particularly sensitive and confidential data as well as personal data such as balances, salary statements, personal data, employment contracts
- Particle size max. 160 mm²
- Shreds an A4 document into approx. 389 particles
- Data reconstruction only possible with extraordinary effort
Security level P-5
- Suitable for information of existential importance which has to be kept secret such as medical reports, patents, design documents
- Particle size max. 30 mm²
- Shreds an A4 document into approx. 2.079 particles
- Data reconstruction only possible with an undefined amount of effort
Security level P-6
- Suitable for documents which are to be kept secret and which require extraordinary security precautions, e.g. research and development documents, official areas
- Particle size max. 10 mm²
- Shreds an A4 document into approx. 6.237 particles
- Data reconstruction currently not possible with the available technology
Security level P-7
- Suitable for documents to be kept top secret with the highest possible security precautions such as secret service or military documents
- Particle size max. 5 mm²
- Shreds an A4 document into approx. 12.747 particles
- Data reconstruction impossible
Which Cutting Style is suitable for which Security Level?
Strip cut
In strip cut, each sheet of paper is shredded into strips of max. 6 mm wide. The length of the strips correspond to the width of the paper fed into the shredder.
Cross cut/Particle cut
Cross cut document shredders cut documents diagonally in both directions and generate small paper particles.
Micro cut
The finest of all cutting types: a special version of the cross cut which makes reconstruction of the data impossible.
Which Protection Classes are there?
The protection classes ensure that the security levels are grouped correctly. There are 3 protection classes:
| Protection Class | Application | Corresponds to Security Level |
| Protection Class 1 | Normal protection requirement for internal data | P-1, P-2, P-3 |
| Protection Class 2 | Higher protection requirement for confidential data | P-3, P-4, P-5 |
| Protection Class 3 | Very high protection level for particularly confidential and secret data | P-5, P-6, P-7 |
Normal protection requirement for internal data (Protection Class 1)
Information which, in the case of a data protection infringement, has a limited negative effect on a company, e.g. memoranda, general correspondence
Higher protection class for confidential data (Protection Class 2)
If there is a data protection violation, the affected person can be adversely affected with regards to their social position or to their financial situation, e.g. account statements, certificates or references
Very high protection requirement for particularly confidential and secret data (Protection Class 3)
Data protection violations would be an existential threat, e.g. particularly sensitive medical data, tax data
Read the full art. on ”eu.hsm.eu” .
