Hardware.com | Blog | Secure Data Destruction - What You Need To Know
Hardware EcommerceBuy
Support ServicesSupport
Chat with HardwareChat
Contact HardwareContact

Secure Data Destruction – What You Need To Know

23rd May 2019 | In Lifecycle Services
The importance of securely erasing data from EOL or surplus equipment and the management of the data destruction process should not be underestimated. The safe storage of sensitive data is deemed a business priority, but organisations often overlook what happens when the equipment the data is stored on becomes end of life (EOL) or surplus to requirements. Protection of data during the active use of a device is vitally important. But security lapses during the disposal or redeployment process can be just as serious. Serious security breaches and ID fraud are a major threat if data gets into the public domain. Not to mention the significant hit to a company’s reputation. To safeguard against such occurrences, there are a number of laws and directives in place enforcing the protection of data. The Data Protection Act, for example, threatens hefty fines of up to £500,000 for the loss of an individual’s confidential information. The seriousness of properly managing and destroying data is clear. But what do organisations need to do to ensure their data is erased securely?

Secure Data Destruction

Firstly, simply deleting files is not enough. Deleted files are easily recovered so this alone does not class as secure data disposal. Instead, data and configuration files need to be properly wiped from storage devices, routers and switches using advanced software. Alternatively, the device needs to be fully destroyed to an irrecoverable state using dedicating crushing or shearing equipment. Whilst it is possible for companies to destroy their own data, in-house options often won’t meet the necessary security standards. Or provide appropriate proof of  data destruction for audit purposes. The solution then, is to find a reliable and trustworthy partner who is able to guarantee both security and legal compliance whilst handling all the logistics of equipment removal and offering full traceability from the moment they collect the equipment to the moment the data is destroyed. But how can a company be sure of who they can trust with their sensitive data?

Choosing a partner you can trust

Traceability and a full certificate of data destruction are a must. But companies should also look for a partner who can offer the correct certifications. DOD, VSITR, ISO 27001, CESG, PCI-DSS, HMG Information Assurance Standard no.4 and 5, CCTM and SEAP 8100/8200 are all recognised standards to look out for. Additionally, a partner needs to offer the right level of data destruction and documentation to suit the level of sensitivity of the data in question. To make an informed decision, the company needs to have a full understanding of their own data and its level of confidentiality. Finally, a good partner is one who understands the value of your kit and can help you realise this. Once data has been cleared, equipment can be refurbished to manufacturer standards and redeployed, sold on, or used for spares. Refurbished kit can also be covered through third-party support contracts meaning its life can be extended indefinitely. Any equipment that has been destroyed during the data destruction process, or is truly end-of-life, should be recycled or environmentally disposed of to European WEEE standards.