No matter what sort of business you run, if you handle any sort of data on a computer, you have to think about data destruction, especially when it comes to recycling your computing equipment. Many small and medium businesses may not think that this is very important to them, since they trust that their machines are secure, and once the machines are passed on to be recycled, the recycling companies will destroy any data before recycling the machine.
The Global Data Protection Regulations (GDPR) requires that all information on a computer has to be destroyed once the machine is ready to be recycled. The GDPR website explains why businesses should take destroying data seriously, and no matter where in the world you run your business, destroying that personal data before recycling IT equipment is absolutely crucial.
Some people may believe that wiping a hard drive is enough to get rid of sensitive data, but as Chris Hoffman explains in his article Why Deleted Files Can Be Recovered, And How You Can Prevent It, it’s really not difficult for you – or anyone else – to get these files back. This makes it clear why using a NAID Certified data destruction company to ensure data is destroyed is very important.
Unfortunately, businesses which trust that e-waste recycling companies will destroy data may be in for an unpleasant surprise. While some companies do erase or reformat the hard drive, this will not be enough to get rid of the data entirely, and most actually sell computers with hard drives intact. The fact that these sell for up to three times as much as computers without hard drives is a worrying statistic; people buying these machines are being given the data, and you have no way of controlling what they do with it or how it is distributed.
There are a few different options for getting rid of confidential information on old hard drives, such as wiping, degaussing and shredding. Local e-waste recycling companies, however, have no obligation to make sure data is destroyed, and if there’s a security breach, it’s your business which will take the blame, because you haven’t disposed of the information properly. Equally, many IT Asset Disposition companies only shred hard drives as a last resort, so depending on them to destroy your data after leaving your custody may not be secure enough, and could still leave you vulnerable to a data breach.
Many businesses overlook the importance of protecting and responsibly disposing of their data, which could leave them out of compliance with data privacy laws if the data gets into the wrong hands. No matter what your business is, you are both legally and morally obliged to ensure data is destroyed once it is no longer being used, so making sure that you use a reputable and reliable data destruction company who will actually shred the hard drive and remove any risk of data breaches is crucial.