What’s Your Data Destruction Policy and Why It Matters

Stolen data is a constant threat for most businesses large and small, and a data destruction policy is an important step toward securing the precious information stored on most devices. In this post, we’ll take a look at the many ways that data security is a predominant issue in the world today and the ways that a data destruction policy is crucial to ensuring adequate privacy and protection.

You may think that data destruction is out of your realm of expertise and therefore should be handled solely by the guys in the tech department. Think again. Data destruction is quickly becoming a major priority for businesses wishing to ensure that private and sensitive company information doesn’t fall into the wrong hands

When private information does leak, the results can be extremely costly and cause significant damage to a company’s reputation. Even though data security is mostly considered in association with protecting private data from the likes of hackers and other criminal activity in the Internet of Things, it has also become a major concern for offline and stored devices as well as devices sent for electronics recycling. 

For those who think that data is inaccessible once it’s sent for recycling, a rude awakening could be in store. Even though laws and regulations prohibit it, devices sent for recycling can sometimes end of half a world away in undeveloped countries in the hands of data thieves hungry for private information that could turn into a quick buck on the black market. 

This is why data security can and should involve not just online protection, but effective and reliable security even after a device reaches end-of-life status.

It just may be that locating a responsible electronics recycler is the best way to protect your data. Simply wiping your hard drive may not be enough to erase the remnants of sensitive information. That’s because much of the information can be retrieved, even after a thorough data wipe, using current technology.

Data retrieval software normally exists in order to save information lost or destroyed through uncontrollable circumstances such as natural disasters or lost devices. However, retrieval software can also be used illegally to recover data from used and discarded devices. This includes devices donated to nonprofits or schools, collected for recycling, or lying in unprotected storage areas.

Thus, wiping your hard drive with any one of the multitudes of data wiping software available is not the surest way to ensure your data is protected in its end-of-life stages. It’s one of the biggest challenges recyclers face: how to guarantee and ensure that data is completely destroyed during recycling.

Recyclers generally go beyond software-based data wiping to ensure that information is completely erased from devices. Although many recyclers do keep software-based data wiping services on hand, and some even offer on-site data wiping as part of the package, most concentrate on methods that completely destroy the device and the information stored therein such that it’s not retrievable by any means ever.

One thing to note about shredding: it’s definitely permanent. Nothing says ‘end-of-life electronics’ like sending them through the shredder at the recycling center. From there, there is no returning to functionality. Instead, various valuable components can be retrieved for reuse. These include plastic, glass, copper, and even gold silver and palladium not to mention a host or precious minerals and rare earth elements. However, the data stored on a device is completely gone after shredding, permanently.

Degaussing is also a permanent way to ensure that data cannot be retrieved later, albeit a more expensive and detailed endeavor. With degaussing, a large mountable machine is used to scramble the information on hard drives by reversing the magnetic field on the storage tape or hard drive. (It works with VHS tapes and cassettes, but in these instances it is possible to retrieve information after the degaussing process.)

For hard drives in computers, laptops and more, once the magnetic field is reversed, the storage devices is rendered completely unusable. However, keep in mind that degaussing cannot work on solid state drives since there is no magnetic strip with these. For SSD’s the best method for data destruction is always shredding.

When it comes to protecting sensitive information, a sound data destruction policy is always best. A data destruction policy should always take into consideration any laws and regulations applicable to a particular industry. For instance, the healthcare and banking industries carry specific laws that require special protection of private client and customer information. That makes data destruction a top priority for companies who dispose of computers laptops and other electronic equipment in these industries.

Also, at the very least, a data destruction policy should identify the key players within the company who will be collecting, storing and signing-off on device disposal. Think about explicitly prioritizing a method for disposing electronic equipment that includes data wiping via software as well as either shredding and degaussing or both. 

These redundancies may seem like overkill, but with the risks involved, they could prove to be worth it in the long-run. The most important aspect of a data destruction policy is choosing the right recycler with the most effective methods for data destruction.

Identifying a responsible recycler in your data destruction policy is absolutely essential.  A responsible recycler is certified through an independent agency and in good standing with the EPA. Common certifications are the R2 certification and the eStewards certification. These certify that the recycler is in compliance with state and federal regulations and is not participating in illegal shipment of electronics to underdeveloped countries, respectively.

As big data and the Internet of Things increases our dependency on electronic devices for data collection, sharing and retrieval, the risks of data theft and privacy invasion will continue to grow. Likewise, the need for reliable and effective recycling services will also grow. Keep in mind these tips for developing a data destruction policy that can both withstand the risks and provide for responsible recycling as well.