Did you know that one computer hard drive can easily contain the equivalent of a full semi-truck of documents? When you dispose of your old computers, you are also disposing of the sensitive data on their hard drives. If you are not properly destroying those hard drives, this data is easily accessible by anyone with even modest computer skills.
The amount of data stored on a hard drive is immense, and without a secure way of eliminating it, information breaches can result in embarrassment, financial loss and legal repercussions. Confused about how to achieve proper disposal, most organizations do nothing. A visit to any business’ storeroom or storage unit is verification of this.
Hard drive destruction is the process of rendering a computer hard drive completely unreadable upon disposal. Proper destruction of a hard drive is critical to protect any confidential information from theft or misuse.
There are four basic options for disposal:
- Toss it in the dumpster. While an option, it is not a good one for two reasons. First of all, dumpster divers can gain access to the information on the hard drive, and secondly, contaminating landfills with electronic equipment is against the law.
- Recycle by donation. Donating to a not-for-profit organization feels great and it’s free. However, allowing access to the information left on the hard drive can be very costly!
- Recycle for scrap value. Although the computer has some value, it most likely will not be enough to cover the cost of transporting and disassembling it. Also, there is no guarantee that the information on the hard drive will be destroyed.
- Hire a company certified for proper disposal of information-bearing media. While there are costs associated, they pale in comparison to the cost of fines, lawsuits or loss of customer loyalty due to an information breach.
Wiping, Formatting, Deleting
Formatting, sanitizing or deleting will not make the data unrecoverable. The Massachusetts Institute of Technology (MIT) recently conducted research in which they bought 158 hard drives from eBay and other merchants to determine what data was contained in them. Of these hard drives, which originally belonged to banks and law firms, just 12 had their data completely eliminated. A wealth of information was retrieved from the rest, including credit card and social security numbers and medical records!
Likewise, formatting a disk does not sufficiently delete the actual data. Take an example of a 10GB hard disk with a total of 20,044,160 sectors. After formatting, only 21,541 sectors are completely overwritten. This is less than one percent of the total, meaning 99 percent of the data can be fully recovered. Furthermore, formatting will simply complicate the process of recovering the fragmented files; it will not prevent the theft of leftover data. Most people assume that an old hard drive has no sensitive data that can be extracted. But this is not the case, as the computers of today are able to read drives up to 15 years old.
Hard Drive Destruction
The findings in the MIT report emphasize the need for proper hard drive disposal. Furthermore, there is a benefit from a compliance standpoint for using a third party with the proper qualifications. With each disposal event fully documented, an audit trail is created, establishing an ongoing standard for disciplined, secure disposal. iBi