Data security, data breaches and data protection is now becoming part of everyday life. From a personal perspective we want our data looked after, we don’t want it to fall into the wrong hands and we expect the people who hold our data to be equally responsible.
Businesses and the public sector are seen as data controllers and have a duty to ensure that data is protected. Thus choosing the correct certified partner is paramount. This is especially important when disposing of computer equipment and the recycling or disposal of normal and classified hard drives.
Hard drive recycling can be viewed in several ways, overwriting the drives by completely erasing the data so the drives can be reused or physically destruction, which means the drives would go for further recycling to take the drives to its base materials as recyclates.
Erasing the drives allows reuse but you should make sure that the drives are completely wiped. Using an NCSC approved software will ensure this and will allow a certificate of media erasure to be printed off on successful wipes.
However, you still need a procedure for drives that fail the wiping process. Only physical destruction then will ensure complete data removal.
Physical destruction takes two forms: shredding or crushing, but this is not the end of the process. Once the drives are destroyed they undergo further recycling.
Once they have been shredded or crushed the drives are then shredded further and chopped into tiny particle sizes. There are then various ways of separating the materials out, including electromagnets, floating off materials in different density liquids, eddy current separators and centrifuges. This allows light metals to be separated from aluminium, the magnets are separated and the circuit boards.
These are returned as recyclates and would be base materials ready for a brand new production process and product.
Classified Hard Drive Destruction
Delete doesn’t mean delete, just simply deleting data, resetting a mobile device or reformatting a disk does not actually remove the data. For example, the factory reset of mobile devices only reverts devices to factory settings and in some instances, some user data remains intact.
If you only use the above methods as the sole means for data erasure, you can run the risk of a security breach. This puts the company at risk of regulatory noncompliance, stolen data, data in the hands of criminals and ultimately brand and reputation damage. The only way to permanently destroy data without physically harming the hard disk is to use overwriting software. This ensures that the drives are completely cleansed of recoverable data. Not only must the data be destroyed, but the destruction must also be verified.
Concept Management uses Blancco Overwriting Software that can be performed both at customer premises or at our ISO9001, 14001 and ISO2701 certified premises. Blancco are one of the largest and most respected data sanitation companies and their software systems are CESG approved. The system overwrites to CESG Standards, British Standard Infosec Enhanced Standard 5. This standard dictates that the drive has to be overwritten a minimum of 3 times. This also overwrites to HMG Impact Level 5 (IL5)
What is absolutely essential is that you choose a certified hard drive destruction company who can demonstrate experience, accreditations and uses the right equipment. The Information Commissioner’s Office now polices the Data Protection Act much more vigorously than it has in the past and has handed out the highest fine for a data breach. This was action against Brighton and Sussex NHS and they were fined £325,000.
There are key requirements you must consider when choosing an IT asset disposal partner. The ICO states you must take reasonable steps to ensure no data breaches, but sometimes these occur and something goes wrong and if the worst happens, you need to be in a position to defend yourself.
The importance of choosing the correct partner that is certified is paramount, as it gives you the peace of mind that there can be no data breaches, the equipment is disposed of safely, securely and ethically and lastly, it gives an auditable trail that satisfies the ICO and the WEEE Directive.