Data in the modern sense is information that has been transformed and stored digitally in a computing device in a way that simplifies its subsequent processing. It can include a wide variety of information such as employee information or financials for a company.
Following the correct processes of data erasure will ensure that data on a hard drive cannot be recovered, but a surprising number of businesses do not correctly sanitise or destroy their redundant media, leaving their data at risk.
In recent years, GDPR legislation has made businesses more aware of how essential data is and how it should be protected throughout its entire life cycle. When you need to dispose of redundant company data or data-bearing devices, the wiping or destruction process should be handled as delicately as you treat the creation, archiving, and protection of your data. This will ensure that you are not subject to the much publicised GDPR data breach fines.
Ideally, corporations should not undertake any form of data wiping or destruction without first consulting a fully qualified IT Asset disposal partner who will be well versed in the methods of destruction and legislation that need to be followed.
What Is Data Wiping?
The process of data wiping involves using a software solution to randomly overwrite data on the drive with a series of binary numbers and in such a way that it is no longer readable. Besides protecting your company's data, the benefit of wiping the hard drive is that the original drive can be reused, reducing the environmental impact and also improving the financial outcome of disposal.
Types of Data Destruction
There are numerous ways in which you can safely dispose of your company data. The preferred solution for your business will depend largely on risk appetite and security stipulations. Some of the most common types of data destruction are detailed below:
Overwriting - otherwise known as data wiping, data sanitisation or data erasure, overwriting as described above is the process of randomly replacing data with binary numbers to effectively render the data unreadable and unrecoverable.
Degaussing - now a relatively unused method in the ITAD industry, this process uses a strong magnetic force to damage the hard drive internally and prevent it from functioning. Degaussing has largely been replaced by other methods as it is difficult to test for successful data destruction and does not visibly damage the drive.
Physical destruction - there are many methods under the umbrella of physical destruction but the most popular and most visible method is hard drive shredding. A series of metal teeth will create small particles from the original drive, making it impossible to recover data.
Choosing a Data Disposal Company
It is important not to take data destruction lightly. You should choose an IT Asset Disposition (ITAD) company that complies with all regulations when they dispose of your data.
There are many standard and regulations that ITAD companies are able to register & comply with including:
National Cyber Security Centre (NCSC) - provide best practise methods for the secure sanitisation of storage media & independently test and verify data destruction methods.
Centre for the Protection of National Infrastructure (CPNI) - provide guidance on personnel security, cybersecurity in the public and private sectors and physical security - including onsite data destruction.
Asset Disposal and Information Security Alliance (ADISA) - the core certification body of the ITAD industry who recommend general best practises for data destruction and IT asset disposal in line with legislation.
Cyber Essentials - a UK government backed scheme designed to help companies protect themselves from cyber-attacks.
Assured Service (Sanitisation) Scheme (CAS-S) - an accreditation scheme offered to organisations who provide data destruction services for classified government data.
Choosing Wiping vs. Shredding
Choosing whether to wipe or shred hard drives is based on a company's individual needs. Shredding drives, when done correctly, is a great solution for total data destruction. The benefits of shredding hard drives include ensuring that the device can never be used again and that data is therefore unrecoverable. However, specialized and expensive equipment is required to ensure that the drive is shredded down to the appropriate size so that no data can be recovered. The physical destruction of drives naturally means that there is no recoverable financial value.
Hard drive wiping on the other hand, uses a software overwrite to replace the data on a drive so that it cannot be recovered. Wiping a hard drive ensures verifiable data erasure as well as allowing the drive to be repurposed, which means that it can be resold or reused within its parent asset, increasing the potential for financial returns when disposing of your redundant assets.
Data wiping similarly requires expensive, specialized software and wiping rig solutions to ensure that the data is erased correctly and can be done efficiently in large batches. It is for this reason that it is highly advisable to employ the services of a specialist ITAD for all of your data destruction or data wiping needs.
Is it ideal to outsource?
Some businesses do attempt to destroy their redundant data in-house using software solutions, but there are dangers associated with this which will increase the risks of data being unsuccessfully erased. Here are some of the risks to consider if wiping your own company data:
Wiping Software - Disk-wiping softwares differ considerably in their capabilities. The standards of the ITAD industry require that all sectors of the drive are successfully overwritten, but popular online wiping tools won’t always meet this basic standard and will not take responsibility nor offer insurance over any failures from the erasure process. Examined carefully, these software applications have clear disclaimers that state that their usage is at the the user’s risk, with some specifically declaring they are not 100% effective at all.
Damaged Drives - The data wiping process cannot be successfully certified in instances where the drive or sector is damaged, because the data cannot necessarily be identified or overwritten in these instances. This is not a problem when using certified solutions which will detect drive failures and an ITAD partner will subsequently audit the faults and shred the drive, but without the correct knowledge of the process and softwares, there are risks that data can remain on a drive.
Cost of Time - Wiping a hard drive can be very time-consuming. The time each drive takes to wipe will typically depend on its age, storage size and condition. Data wiping will usually take anywhere from 30 minutes to 24 hours, depending on the particular drive. Wiping drives in larger quantities is therefore a considerable task.
The Best Data Destruction Solution
Data disposal is best handled by employing the services of a specialist ITAD partner like FGD Solutions. We know the importance of keeping your data secure through each step of the disposal and destruction process. Our vast knowledge of the industry, data and environmental regulations and our enhanced audit documentation and data destruction certification will provide you with total peace of mind. We support all manner of businesses and organisations, from financial organisations in London to Educational and Healthcare institutions in the South East.
For professional, friendly advice give us a call, or visit our website to learn more about our range of data management services we offer to multiple businesses across London and the South East.