When floods, fires, and other natural disasters occur, they can wreak havoc on the on-site computer equipment many organizations depend on to store and retrieve their important data. Because physical, formatting and logical problems can cause data to go missing, technology has developed to keep pace with all of these issues. And this is good news when the desire to recover data serves the rightful owners of such data. However, data retrieval can also be practiced by criminals whose intentions are to exploit sensitive data.
Consider this: The National Association for Information Destruction (NAID) recently reported that 40 percent of resold and/or recycled electronic storage devices contained sensitive personal and business data such as credit card, tax and personal contact information, as well as passwords and usernames.
Can Data be Recovered From Destroyed Drives?
It’s interesting to note that a growing number of companies are opting to use data destruction services when it’s time to consolidate or swap out their electronic storage devices. And while this is a prudent idea, the problem remains that even though companies may be issued a certificate of destruction that claims all their data was destroyed, if the process of destruction isn’t robust enough to actually render all data unrecoverable, the original owner of the data is still liable if some of it is later recovered or leaked illegally.
At that point, the data destruction certificate becomes a meaningless piece of paper, and the company whose responsibility it was to protect its data will most likely pay dearly in legal and regulatory penalties, as well as PR nightmares.
What Is Data Destruction?
So what is data destruction? This would be a fairly easy question to answer if all data destruction companies and services were created equal. However, they aren’t.
Today’s data centers and computer facilities are faced with important choices when selecting a data destruction company and method by which to expunge their data from old devices. First, with regards to selecting a company, it’s crucial for data centers to do their due diligence and check a data destruction company’s credentials.
At DataSpan, for instance, we’re proud to be a certified National Association for Information Destruction (NAID) member company with a AAA rating. In addition, we’ve been serving the needs of data centers since 1974 and count more than half the Fortune 1000 among our client list.
As far as methods of destruction are concerned, there are three basic procedures: shredding, degaussing and erasure.
Shredding, like its name implies, puts your hard drives through a mechanical shredder that literally rips the drive into little strips that cannot be reassembled or read.
Degaussing subjects drives to a high-energy magnetic field that disperses all data into random unreadable bits.
Erasure aims to wipe the drives clean using special software, but it may not work on faulty drives or bad sectors. However, wiped drives can be reused or resold.
All three of these methods have their pros and cons that a reputable destruction service can advise you on.
Why Is Data Destruction So Important?
If your company needs to be HIPAA-compliant or follow data-handling regulations such as those found in the Sarbanes-Oxley Act, then data destruction isn’t a step you want to take lightly. In fact, you may want onsite data destruction or some special form of chain of custody that only an experienced firm like DataSpan can provide. When security is an issue, you don’t need to incur extra risks.
To learn more about our fully secure and audit-ready data destruction services, contact us today.