When disposing of end of life equipment, one has to consider the data security implications.

With data disposal, there are a number of factors to consider, namely;

What is the data? What are the implications of a breach? What form is it in? How much is there? Where is it kept? Do you want on-site disposal?

Then there are the methods to ensure that the data is securely and permanently destroyed.

These include overwriting, degaussing, shredding, disintegration or crushing and then combinations of the above.

For each of these methods there are different methods, standards and processes, and numerous reasons for determining which method to use.

What is absolutely essential is that you choose a certified hard drive destruction company who can demonstrate experience, accreditations and uses the right equipment.

The Information Commissioners Office now polices the Data Protection Act much more vigorously than it has in the past and has handed out the highest fine for a data breach. This was action against Brighton and Sussex NHS and they was fined £325,000.

There are key requirements you must consider when choosing an IT asset disposal partner. The ICO states you must take reasonable steps to ensure no data breaches but sometimes these occur and something goes wrong. If the worst happens you need to be in a position to defend your position. The following are points which must be to be considered:

Lastly, you must demonstrate that you have completed ‘Due Diligence’ and the ICO specify an audit of the IT Asset Disposal Company’s facility.

The importance of choosing the correct partner that is a certified is paramount, it gives you the peace of mind that there can be no data breaches, the equipment is disposed of safely, securely and ethically and lastly it gives an auditable trail that satisfies the ICO and the WEEE Directive.