Why Electronic Media Destruction is Key to Data Protection
It’s a fact: Data doesn’t just go away by deletion. Computing systems, including desktops, laptops, tablets, and cell phones, store data on a variety of media forms, including backup tapes, computer tapes, CDs, DVDs, hard drives (HDs), flash (aka thumb or jump) drives, floppy disks, and solid-state drives (SSDs). Older film technologies such as microfilm, microfiche, and x-rays can also fall into this category.
The problem is, when those devices are no longer needed, traces of that data (which may include personal info like bank account numbers or confidential files containing sensitive company information) can be easily overlooked and left on electronic media, making it a target for malicious attempts against your company.
The phrase “electronic media destruction” may sound super technical, but in the most basic terms, it simply means getting rid of data (or the device the data is on) once it’s not required anymore. Doing this is essential because letting that information linger leaves it vulnerable to falling into the wrong hands—and worse, subjects your company to a data breach, which comes with regulatory violation fines such as HIPAA, GLMB, and CCPA.
A Compelling Case in Point
According to a recent Blancco Technology Group study, security and privacy concerns are well-founded. Staff from Blannco’s offices in the United States, the United Kingdom, Germany, and Finland purchased 159 used SSDs and HDs on eBay. These eBay sellers insisted that the devices were securely wiped, leaving no data behind.
Blannco then asked data recovery experts at Ontrack to see what (if any) data they could recover from the allegedly wiped drives.
When these recovery specialists looked for any traces of data on the drives, they discovered something troubling. A staggering 41% of the 159 drives contained personally identifiable information of some kind—birth certificates, photographs, names, and email addresses—all of which could have left those sellers subject to significant data breaches.
Electronic Media Destruction 101
Just as you would decimate paper documents, electronic media destruction involves physically destroying electronic media. Processes used are shredding, punching, incinerating, disintegration, and degaussing (more on these later)—so that all traces of data can no longer be found, and the device is entirely unrecognizable.
Electronic media destruction isn’t something you do once—it’s basically a (periodic) prerequisite for keeping data safe. It’s also super important to educate every employee on why disposing of electronic media is not only necessary but needs to be done properly.
The Following Methods Are Common Ways to Wipe the Slate Clean
This process involves burning electronic media to convert it to ash and smoke, making it unrecoverable by any means. Incineration also destroys any chemicals that were used in the manufacturing process of the product so they’re not released into the environment during disposal. In California, however, this method is no longer commercially viable in most markets due to local restrictions on incinerators.
Sometimes known as pulverization, disintegration involves using a machine similar to an industrial blender, which turns the entire hard drive into fine glass dust that’s then captured and disposed of. Unfortunately, the disintegration process can create fine airborne dust that’s less environmentally friendly than other methods, so companies regulated by the NSA or DoD usually only use this for the most sensitive information.
Degaussing is best for electronic media types that rely on magnets to hold their data. It uses an electromagnet to create a powerful magnetic field, which scrambles information, including start-up files, on the hard drive, rendering it useless. This process cannot be reversed. However, because the final product is not visibly distinguishable from readable drives, it can introduce some risk if the handling process is not managed well. Additionally, while degaussing is great for older drive technology, it is not effective on current Solid State drive technology, which is why some IT professionals prefer physical destruction to this method.
Some of the Best Ways to Wipe Out Data
Punching, also known as Crushing, is the process of using a high-power hydraulic press or “punch” to bend, tear, and fold the hard drive rendering it completely unusable.
Shredding utilizes a machine that repeatedly slices electronic media with high-speed blades. This results in tiny fragments that cannot be reassembled back into their original form. What’s great about this method is it allows for recycling the various components—so, it’s highly popular for its combination of security and environmentally friendly output.
File This Under Important
Read: Electronic media is not secure, even after it’s wiped or deleted. Which is exactly why all forms of electronic media should be properly destroyed as an investment in consumer privacy compliance and the longevity of a company.
The most reliable way to get the job done and dusted is by using a professional shredding company, like Corodata, certified by the National Association for Information Destruction (NAID).learn more