Securely disposing sensitive data

It's harder than you think

When you think of IT security, secure data destruction is usually an after thought. So smashing up end-of-life hardware with a hammer in hand or a quick disk reformat, no longer guarantees protection from the risk of data breaches, which could land you in hot water further down the line.

A recent study showed that 60 per cent of computers on the second hand market, which were discarded by businesses, still contained sensitive data. Like obtaining, using and storing data, information should always be disposed of securely too, not matter how sensitive.

A do-it-yourself approach to data disposal may seem appealing in the absence of a dedicated IT department, but there is much more to information destruction then meets the eye. From official risk assessments to destruction certificates, the Data Protection Act details appropriate technical and organisational measures should be taken to avoid unauthorised and unlawful processing of data.

Other methods of destruction, such as off-the-shelf data destruction software don't guarantee security either and can prove expensive in the long run. Often free and readily available, it's usually the case that the more equipment you have, the less money will be saved by tackling data disposal in-house.

Whether destroyed in-house or outsourced, an information security policy should be in place, which covers data erasure and hardware disposal procedures. This will form the basis of the most reliable method of permanently disposing data securely.