What Is Onsite Data Destruction and Why Is It so Important?
Have you ever heard of onsite data destruction? Read more to learn all about it and why you should consider it.
Although 100% of electronic waste is recyclable, not even a quarter of the e-waste the world generates is properly disposed of. In the United States, only 29% of all e-waste generated was recycled in 2014, the most recent year for which there is data on the subject. That's more than in previous years, but still not nearly enough.
The proper disposal of electronic devices, computers, and hard drives isn't just important for protecting the environment. Discarded devices pose a serious threat to businesses and organizations.
Hacking accounts for 63%of all data breaches; However, employee negligence, including the improper disposal of technology, accounts for 9% of data breaches.
Businesses and organizations that handle sensitive data cannot risk the improper disposal of technology. In some cases, failure to dispose of hard drives can lead to data breaches, lawsuits, and other liabilities.
At the very least, it's an important process to protect proprietary data as well as customer data.
Onsite destruction is one of the most efficient methods to destroy data responsibility. If your company needs a more reliable way to dispose of your data, find out more about onsite data destruction below.
What is Onsite Data Destruction?
Data destruction is a process of thoroughly destroying data stored on hard drives, tapes, and other forms of electronic media. The objective is to render the data unreadable and unsalvageable.
Onsite destruction is just as it sounds. Instead of sending electronic media away to destroy it, you destroy them on site. Many organizations use a hard drive destruction service to ensure they meet proper standards and reduce liability.
Why is Onsite Data Destruction Important?
When a user deletes data in the traditional way, it no longer appears in within an operating system. Often, the application that created the data can't access it, either. Deletion frees up space on a hard drive so you can record other data.
But traditional deletion is not enough to destroy data entirely. Technicians can often recover deleted data, sometimes through simple processes.
For example, when using the Windows operating system, users often think they've cleared away data by moving it to the "Recycle Bin." But even the Recycle Bin has a built-in process for restoring that data.
If someone where to get their hands on the discarded hard drive, they could restore almost anything that was deleted using this method.
This poses a risk to organizations who don't dispose of hard drives properly. Thieves can recover any hard drives that they donate, sell, or simply throw in the trash and crawl them for for data.
Depending on how sensitive that data is, they could then used it for nefarious purposes.
Data destruction services operate onsite to mitigate risk. Destroying data onsite introduces a certain level of control to the process. Instead of sending hard drives away, you can confirm that they have been destroyed.
When a device goes offline, you should take the following steps:
- Do an audit of your inventory
- Secure the devices that have been taken offline
- Hire a service to destroy data onsite
- Bare witness to the destruction of the device or devices
Failed hard drives and decommissioned devices are often an overlooked risk. Failure to properly destroy them can even run you afoul with certain regulations.
Complying with Regulations
Some organizations are required to comply with strict regulations when it comes to data. This is especially true of financial companies, but organizations that store protected health information (PHI) face some of the most stringent data regulations.
For example, entities covered under HIPAA regulations must comply with the following disposal methods when destroying data:
- For PHI paper records, shredding, burning, pulping, or pulverizing the records so they are unreadable, indecipherable, and cannot be reconstructed
- Using a disposal vendor as a business associate to pick up, shred, or otherwise destroy PHI
- For PHI on electronic media, clearing, purging or destroying the media
In addition to these disposal methods, covered entities must train their employees in proper data handling procedures.
There are numerous other laws that apply to personal identifying information, but some of them vary by state. If your business or organization handles sensitive data, you should familiarize yourself with local laws.
After the passing of the General Data Protection Regulation (GDPR) in Europe, and considering recent high-level data breaches, most experts expect that new data regulations will soon take hold in the U.S. Any organization that handles data should stay apprised of any incoming legislation that may affect them.
What Types of Data Destruction are Effective?
As you can see by the HIPAA regulations stated above, there is more than one way to destroy data. However, only certain methods are considered thorough enough to comply with regulations.
If you want to reduce your liability and stay secure, you should select the most appropriate disposal method possible. Here are a few to consider:
Onsite Hard Drive Shredding
With this method, a hard drive shredding service comes to your physical location to shred hard drives, tape, and other electronic media. Physical drives are fed into a powerful machine which destroys them. Onsite hard drive destruction is one of the most thorough forms of data protection.
There are three key benefits to this method of destruction:
- Extra Space: Securing unused devices takes up space in your facility. It can even lead to increased costs. Shredding media onsite frees up space for other activities.
- Extra Savings: Onsite hard drive destruction is a cost-effective way to destroy data. You won't need to rely on your own employees or risk fixing costly mistakes.
- Security: You can witness the shredding yourself to confirm the destruction of your data. Using a professional service, you can mitigate risk and lower your liability. You'll rest easy knowing your data has been professionally destroyed.
Not all hard drives can be destroyed using other methods. This makes shredding the most thorough and popular option for data destruction.
Onsite Hard Drive Erasure
Hard drive erasure is a way to erase data while maintaining the hard drive itself. It's a more thorough method than traditional deletion. However, it is not as secure as shredding.
Most organizations use erasure when they intend to redeploy their hardware. It's also useful when you're using hardware on lease and need to return it to a vendor.
Erasing hard drives onsite does provide some security and confirmation that data has been securely destroyed
However, this may not be the best option for organizations handling sensitive data. It can also be costlier.
It requires technicians to thoroughly erase the data.
Onsite Hard Drive Degaussing
Organizations sometimes use degaussing when they wish to recycle their hard drives. Degaussing is a process of eliminating a magnetic field.
On magnetic hard drives, this process thoroughly destroys data. Magnetic media has a fine coating of a material which sits on tape as a series of lines, which are data recordings. The material is reactive to magnetic fields.
Degaussing is accomplished with a special machine, called a degausser. This machine generates an intense magnetic field that permanently removes or scrambles the data recordings on the hard drive's tape.
This data cannot be recovered (this is also why you shouldn't attach magnets to your computer).
Degaussing can be done onsite, which makes it a viable option for organizations that need to keep their data secure. There is no need to pass on hard drives to a third party. It also works on broken or failed hard drives.
Degaussing is a commonly used destruction method for hard disk drives (HDD). However, this method is not effective for solid state drives (SSD) because they are not magnetic.
SSDs are popular because of the power and savings they offer. By some estimates, they can deliver a 76% total hardware cost reduction and a 99% reduction in power requirements.
As SSDs become more common in computers and server rooms, demand for degaussing services will also decrease.
Create a Data Destruction Policy
Today, businesses and organizations face an ever-expanding threat landscape. Data breaches are becoming regular occurrences. And they don't only occur to large corporations.
If your company handles sensitive data in a data center or elsewhere, you need to have a data destruction policy. Any device that may be retired or removed from your organization must be subject to this policy. These include:
- Mobile phones
- Hard drives (HDDs and SSDs)
- Flash drives
- DVDs and Blu-Rays
- Tape storage devices (including cassettes and VHS)
- Paper records
- Emails, intranet messages, texts messages, and other digital communications
Your destruction policy should describe the processes for destroying each of these types of data, and any others that are applicable. You should document this policy and train every employee to understand it and adhere to it.
If your employees work remotely or take devices home with them, they must comply with this policy.
As part of your policy, make connections with data destruction service providers like National Computer Warehouse Services (NCWS). Founded in 2001, NCWS specializes in data center logistical solutions, data destruction services, e-waste recycling, and other custom data and records services.
Get a free quote for your specific data destruction project or call 800-892-2354.