Electronic Waste Recycling

Destruction of data for security and privacy

Introduction

The most immediate and important concern for any organization when disposing of IT equipment is to ensure that no one can extract data from it that shouldn't be disclosed to the public. Not only is this good business practice, numerous laws impose penalties for failing to protect against leaking certain information about your customers, employees, or business operations, especially if you are involved in the financial or health care industries.

So the simple solution is this: Delete everything from every device capable of storing data before you throw it away. Right?

Well, you have no doubt heard about sophisticated methods for recovering information from computers which the user thought he had deleted. And it's true—holding a magnet next to your tapes, formatting your hard drive, or even breaking apart a hard drive or tape cartridge, may not sufficiently ensure that your data is truly unrecoverable.

Also, certain equipment can store data without you realizing it, leading to disposal without any attention paid to deleting the data. For example, some printers might save a copy of everything that was ever printed on them!

What this means is you need a competent professional who knows how to completely destroy all sensitive data from any electronic equipment to be discarded or recycled, before the equipment leaves the custody of your business or a trusted partner.

Data destruction service providers

Companies that offer data destruction services (which includes J.D. Fox Micro) generally do it at their facility, and then provide you a certificate to confirm your data was destroyed. These certificates might refer to government standards such as those published by the National Institute of Standards and Technology (NIST) or the U.S. Department of Defense.

Certificate with seal

It is important to note, though, that no government agency certifies or audits data destruction companies for compliance with standards. Any proof provided by a company you hire, no matter how fancy or formal the certificate looks, has no official backing outside that company. Since you are ultimately responsible for the destruction of your data, you must remember that the only intrinsic value of such certificates is for your record-keeping. For actually proving the data was destroyed, the certificate is only as valuable as the trustworthiness of the company providing it. If information is exposed, and an injured party claims it came from IT equipment you threw away, your certificate of data destruction does not automatically absolve you of liability.

So, when disposing of IT equipment, you should be able to understand, evaluate, and audit the process by which the company you choose to destroy your data accomplishes this.

The method and level of auditing will vary. If the hardware or media on which data is physically stored will be smashed into tiny pieces or melted, then the data destruction company might offer video of the destruction, with close-ups of item serial numbers where applicable. If, to save expense, you choose a recycling agency that will do a thorough wipe of your hard drives without physical destruction (so the drives can be resold), then the company may provide a report on the technical methods used to ensure the data is truly made unrecoverable.

What you should do

The best way to make the process of data destruction successful, and reduce expense, is to develop plans for it early in the life cycle of your IT equipment. This includes:

1. Classifying, segregating, and controlling all data throughout the network during the lifetime of the equipment in question.

2. Having technical understanding of your equipment, to ensure no data storage devices are missed.

3. Knowing, in advance, where and how your data will be deleted when the time comes.

Man in print shop preparing to move

If you do not make these plans and control your network, you will find yourself making decisions on-the-fly about data destruction when it's time to dispose of equipment, leading to mistakes. These can range from failing to fully delete sensitive data, to spending too much effort wiping storage equipment that doesn't need it, or, at worst, overlooking certain sensitive data completely.

As your trusted IT service provider, J.D. Fox Micro offers data destruction services you can count on. In addition, J.D. Fox Micro can help you implement data classification and management plans, and secure your network to continually control access to your data, so that you can apply the proper level of effort and expense for data destruction based on actual need.

Next:  Where to send your electronic waste   >>

Electronic Waste Recycling

Table of Contents

  1. Introduction
  2. Destruction of data for security and privacy
  3. Where to send your electronic waste
  4. More options
  5. Electronics recycling services provided by J.D. Fox Micro