Your data’s life cycle ends after destruction. But you must do more than simply delete files on your computers and mobile devices.
In September 2019, pro-consumer group and cyber security experts Comparitech released a study outlining what happens to hard drives when they hit the secondhand (secondary) market after leaving their original computers.
The firm purchased 200 used hard drives from online marketplaces, secondhand shops, and conventional auctions. What they found was startling. As many as 59 percent of the hard drives purchased still contained data from previous owners. 42 percent were properly wiped, and no remnant data could be recovered, or they were not accessible.
University researchers could recover data with minimal effort on 26 percent of the hard drives, while 17 percent contained deleted data that was quickly recovered.
In April 2019, Blancco Technology Group analyzed 159 used storage drives purchased on eBay. 15 percent contained personally identifiable information (PII), including one drive from a software developer with a high level of security clearance that left scanned images of family passports and birth certificates on the drive.
Selling old hardware via an online marketplace is NEVER a good option when your company’s reputation and brand are at stake.
Beyond your brand, federal and state government regulations mandate that companies and agencies require proper disposal of information in consumer reports and records.
This means all data relating to personally identifiable information. Further, the financial, legal, and medical industries face further scrutiny due to HIPAA and other laws specific to these types of companies.
The Federal Trade Commission also has disposal rules in place for a wide range of industries. Landlords, individuals and companies who obtain credit reports, employers, insurers, consumer reporting companies, any entity that maintains consumer information (addresses, phone numbers, and financial information), and more MUST dispose of this information properly when it is no longer needed.
Paper records must be burned, pulverized, or shredded. Electronic files must make such data unreadable and unable to be reconstructed, even when using extraordinary means and methods.
At least 35 states, the District of Columbia, and Puerto Rico have laws that require either private or government agencies or both to destroy data on storage drives and devices that make personal information unreadable or undecipherable, according to the National Conference of State Legislatures.
Improper data destruction means you are potentially breaking the law, and you face prosecution and further punitive action. As a matter of public record, lawsuits and prosecutions can be covered by the media. You could face horrible public relations and irreparable harm to your brand with a lawsuit.
What Can You Do to Destroy Your Data?
You must do more than just delete files through your computer operating system. The data still exists on your hard drive, you just can’t access it through ordinary means. Eventually, other data on your computer may overwrite it at some point. But you can’t take that risk with older hard drives on outdated computer equipment.
Having certified experts handle your data destruction is the best practice for your company’s sensitive information. Even if you believe there is no information on a hard drive, you can’t take the risk that something internal about your company or customers exists on an old hard drive.
Contact I.T. Supply Solutions Today
I.T. Supply Solutions serves many industries, from banks and government agencies to schools and small businesses, with secure data destruction that meets or exceeds Department of Defense standards.