If you’re thinking of performing a Spring Clean throughout your organisation, and want to dispose of sensitive data to start afresh, this is what you need to know before disposing of it.
When you think of IT security or electronics waste disposal, destroying the data on end-of-life hardware is usually an afterthought. Unfortunately, smashing up hard drives with a hammer or performing a quick reformat no longer guarantees protection from the risk of data breaches. In other words, what seems like a quick fix could land you in hot water further down the line.
Globally, data protection laws are only becoming tighter, and the penalties for non-compliance more severe. What was kicked off with GDPR has now stimulated similar laws across the world, such as Brazil’s LGPD and Australia’s Privacy Act. The trend is clear: the sort of compliance GDPR demands means legacy methods of disposing of data simply aren’t enough.
A recent study showed that 60 per cent of computers on the second-hand market, which were discarded by businesses, still contained sensitive data. As with obtaining, using and storing data, information should always be disposed of securely too, no matter how sensitive.
A do-it-yourself approach to data disposal may seem appealing in the absence of an IT department, but there is much more to information destruction. From official risk assessments to destruction certificates, the Data Protection Act details the appropriate technical and organisational measures that should be taken to avoid unauthorised and unlawful processing of data.
Other methods of data destruction, such as off-the-shelf data destruction software, don’t guarantee security either and can prove expensive in the long run. Whether data is destroyed in-house or the work is outsourced, an information security policy should be in place, which covers data erasure and hardware disposal procedures.