Data Security: The Correct Disposal of IT Equipment Containing Sensitive Data

You have recently upgraded your IT hardware, who looks after data security for your old IT equipment? Is it secure?

Organisations need to be extremely focused on Data Security when disposing of IT equipment that contains sensitive data. There are many reports of computers, with their hard drives intact, being found in open markets in Ireland and the third world, on eBay and other online auction sites. There is also a ready market for all types of used data tapes in these markets. Deleting files or even reformatting a hard drive does not remove the information, as this can be restored using readily available software. Even overwriting does not erase the information, with forensic software available to read drives down to many multiple levels of overwrite

Regularly we see reports about lost or stolen laptops that highlight poor corporate security practices and privacy protection in organisations. Especially organisations that allow home-based employees to download sensitive company and client data to their personal computers

There is a specific responsibility on ICT Data Controllers when disposing of any equipment or storage media containing personal information and there are significant penalties for breaches of the Data Protection Act which could be ruinous for an organisation.

Problems associated with data security for end of life equipment can be eliminated by using reputable IT recycling companies, who can provide certified data destruction services as part of their asset management and equipment recycling processes.

Second-hand computers and computer hard drives bought on eBay’s Irish website have been found to contain sensitive information, including customer Bank, Laser and Credit-Card account details, car registration information, staff PPS numbers, internal corporate information and e-mail details. In most cases, the owners had not even bothered to erase the drives and from the kind of information found, it was obvious that they belonged to people who worked from home or brought files home to work on. In many cases it is senior management with high level data security clearance that fall into this trap.

Basic forensics programs can retrieve data even when owners believe that they have erased the hard drives. Many Computer owners are unaware that safely erasing drives involves more than just reformatting or erasing the drive using inbuilt tools provided on home PCs.

Larger organisations often use an industrial-strength erasing tool before PCs or drives are sold on and even this may not be enough to completely destroy all the information contained on a hard drive. The only way to absolutely guarantee the secure removal of the information stored on any form of data media is by complete destruction and the most effective form of secure data destruction are the methods used by Electronic Recycling who provide complete destruction by shredding either on your site for large quantities of drives or for smaller quantities, by collection and delivery directly to our facility in Finglas for shredding.

Apart from an organisation’s responsibilities under the Data Protection Act, there is also a continuing responsibility for IT equipment disposal under the Waste Management Act 1996(amended 2001) until it has been proven that it has been disposed of properly. If the cannibalised remains of an organisation’s equipment are disposed of illegally, it is the organisation who is held responsible

When replacing or disposing of end of life IT equipment, organisations and managers responsible for data security, need to ask their equipment vendor, waste service provider or facilities manager, what exactly happens to their equipment once it leaves their control.

It is not good enough that managers say they have implemented security requirements such as laptop encryption, equipment disposal or data destruction procedures, someone needs to verify that the procedures have been followed.

Electronic Recycling provide a range of services which address all of the above issues on behalf of our clients and when we say data has been destroyed, it has been destroyed

**************************************************

Electronic Recycling provide WEEE waste management services that recover over 90% of the constituent materials for reuse as raw materials and all material is processed within the EU

Experts at managing all kinds of
Waste Electrical and Electronic Equipment (WEEE)
Super secure destruction of data from hard drives and other data media

WE SHRED HARD DRIVES