Data has never been more valuable. Most services have moved to an online based system; some are exclusively online only. From the customer side, you want every assurance that your data is stored correctly, is protected from hackers, and disposed of correctly. Data breaches are happening all the time, across different businesses, in completely different sectors. The General Data Protection Regulation, GDPR, was introduced in 2016, which changed what data a company could have, and how it is stored. The regulation made businesses more liable for the handling and destruction of information help about individuals.
What happens if you don’t destroy decommissioned hard drive?
Probably the most well-known case of improper hard drive destruction, Morgan Stanley was fined $60m for failing to dispose and decommission several data centres [Reference]. These data centres held sensitive information on customers, and were found to have not assessed or addressed the risks involved in decommissioning the servers. By doing so, they left customers vulnerable with identifiable information, and Morgan Stanley didn’t notify their customers of what unencrypted data could be possessed by unknown third parties. Learn more about secure hard drive destruction here.
How to destroy hard drive before recycling
The best way to ensure no one can ever access the data stored on your obsolete hard drives, is to completely destroy them. There are even more steps you can take to completely guarantee the personal identifiable information, PII, is never accessible ever again. Using all three methods together can ensure your data is completely gone forever.
When you delete information from a hard drive, it doesn’t necessarily mean it is gone forever. When a file is stored on a hard drive, it is stored across several sectors of the disk. When you delete this file from your computer, it just changes the state of those sectors from being occupied by data, to being available for new files. If you erase all the files, then send it straight to a recycling centre, they could still retrieve all the data from it. You need to use NCSC approved software to guarantee you have removed all the data successfully and your hard drive is erased.
After completely erasing all the PII data on the disk, you can overwrite it with new information. As more data is stored on the hard drive, the old data becomes less retrievable. Once the data is overwritten, it can be sent to be properly recycled back to its original materials. Concept Management uses Blancco Overwriting Software, which is one of the largest, well-respected data sanitation companies. The software is CESG approved, which is part of the government’s cyber security team within GCHQ. This can be done on site at your data centres, or the drives can be sent to our ISO09001, 14001 and ISO2701 certified premises.
Crushed or shredded
The most important, and finite way to securely dispose of all the data, is to completely destroy the hard drive. After all the previous steps have been taken, the last thing to do is to make sure the drive is unrecognisable. Crushing several times into tiny pieces. The material left over is separated afterwards, using methods such as, electromagnets, floating materials using various densities of liquid, eddy current separators, and centrifuges. These materials are then reused as the base materials for new products. See our hard drive shredder in action here.