With technology becoming more involved in our daily lives and jobs, data security has become a top concern for many companies these days.
Any number of electronics that a business manufactures or uses is bound to contain either customer or employee data or trade secrets.
As we’ve said before, whether you’re in the IT, environmental, medical or another professional industry, it’s important to properly dispose of electronics that might contain personal or proprietary information. If this doesn’t happen, you’re potentially putting your organization at risk and essentially asking your customers not to trust you.
So when handling used electronics, how do you know if your company is meeting the right standards set for the e-waste recycling industry when it comes to data security?
That’s where data destruction comes into the discussion.
Whenever getting rid of hard drives or any other electronics containing personal information, it is important to ensure that any data destruction efforts are meeting the standards that are the highest in the industry.
These standards are set out in the Department of Defense’s D.O.D. 5220.22-M and the National Institute of Standards and Technology’s NIST 800-88 publication. These specify minimum requirements, which should be included in a company’s data destruction plan.
What is Data Destruction?
When businesses upgrade their computer and electronic equipment, the older items are usually either sold in the secondary market, donated, destroyed or recycled for use elsewhere.
The data stored on these devices needs to be removed to guarantee that no sensitive information is accessible to unauthorized parties, and the data must be erased correctly, otherwise known as sanitizing.
NIST defines this sanitization as “the removal of data from storage media so that, for all practical purposes, the data cannot be retrieved.”
How can Managers ensure Compliance with Standards?
In order to secure data, protect sensitive information and prevent possible cybersecurity attacks, it is of the utmost importance to follow the guidelines set by D.O.D. and NIST, and these standards should be at the top of every business’s priority list.
D.O.D. 5220.22-M and NIST 800-88 differ slightly in that D.O.D. 5220.22-M specifies that three passes are to be carried out to sanitize.
However, NIST 800-88 specifies that one pass can be carried out, which is usually sufficient to sanitize most hard drives. This method should also resist any forensic recovery methods that are typically used on modern devices.
To comply with D.O.D. hard drive destruction standards, data sanitization must follow these steps:
- Each section of the drive is to be overwritten three times (three passes)
- The first pass replaces data in each section with a character
- The second pass replaces the character with its component
- During the third pass, the component in each section is replaced with a random character
- For “top secret” information to be effectively removed, an additional step is added where, after the above three-pass procedure, all activity logs, classified labels and markings are removed.
The importance of complying with D.O.D.hard drive destruction standards cannot be overstated. The last thing any business wants to experience is an unexpected leak of sensitive data that should have been correctly protected.
A data breach could potentially lead to a vast cybersecurity attack or other unauthorized use of data. The increasing use of cloud-based systems further means that more businesses need to take responsibility for the effective sanitization of media—even more so than before.
Surplus Service is a San Francisco, CA Bay Area-based award-winning e-waste management business that specializes in ITAD, medical recycling, electronic liquidation, reverse logistics and data eradication. As the No. 1 electronic reuse and recycling leader, our goal is to provide eco-friendly solutions that lead to the reuse of electronics rather than just having them recycled or end up in a landfill. To learn more about us, call one of our e-waste recycling specialists at (510) 226-0600 or email us at Info@SurplusService.com.