Best Practices for Data Destruction

Data destruction is a vital process within the IT lifecycle. How companies dispose of – or recycle – their data and IT assets is an area fraught with security, legal and environmental issues. To mitigate these risks, it is important to follow best industry practices.

Choosing the correct company to dispose of your IT assets is a vital step in the process. This is because it is your legal responsibility – and not the data destruction company you hire – that will be held liable if a data breach occurs.

Understand your data

Before your data and IT assets are destroyed, you must be aware of where your data is. While PCs, CDs, USB sticks, tablets, and company smartphones are an obvious location, data also sits on desktop phones, scanners and printers.

Furthermore, if your company allows employees to receive company email on their personal devices such as their smartphones, you are responsible for this data too. Therefore, a full inventory of where data sits in your organization is vital.

Decide on a data destruction strategy

Once an IT asset disposition (ITAD) program has been established and lists the data and/or assets to be destroyed, you should decide on strategy, namely: data destruction or asset recycling.

Data destruction
- This involves data erasure and degaussing services
IT Asset Recycling
- The repurposing of used IT parts in order for companies resell / reuse parts as ‘new’ equivalents
- Donation of IT assets to charity

Decide where data destruction takes place

Typically, data can be destroyed in two places, either on or off-site.

On-site
- On-site data destruction is preferable for companies with compliance concerns and involves mobile shredding equipment
Off-site
- Secure shipment for small media quantities / boxed materials for off-site destruction

Environmental / Worker health

All data and asset disposition must be destroyed in a way which satisfies both your company’s standards and that of your jurisdiction, such as governmental and other agencies.

The following are examples of regulations and initiatives governing electronic waste, data, and worker health.

Data:
- GDPR
Electronic waste:
- The EU WEEE directive
- Basel Convention
- WEEELABEX
- The reduction of waste going to landfill
- The reuse, remarketing or socially responsible donation of redundant/obsolete IT assets
- R2 (Responsible Recycling) standard
- ISO 9001, ISO 14001

Furthermore, the health and safety of workers must be of paramount importance and be in line with OHSAS 18001 which improves performance, aids legal compliance and controls health and safety risks.

Full accountability
When your data has been destroyed, it must be ensured that all data has been removed from the devices. Such accountability should include:

Certificate of erasure of data for each hard drive
Evidential video file of device destruction for each hard drive
Date and time-stamped of the destruction process
Full chain of custody tracking and reporting of all redundant/obsolete assets from our receipt to final disposition

For more information about Wisetek, see: https://wisetek.net/services/data-destruction/

January 11th, 2019

Are You Still Holding Data?

GDPR Regulations You Need to Understand & How Wisetek Can Help With the recent introduction ...

May 15th, 2018

How ‘GDPR Compliant’ do you think you are?

Wisetek a global leader in advanced IT asset disposal, data destruction, technology reuse and ...

Best Practices for Data Destruction

Data destruction is a vital process within the IT lifecycle. How companies dispose of – or recycle – their data and IT assets is an area fraught with security, legal and environmental issues. To mitigate these risks, it is important to follow best industry practices.

For more information about Wisetek, see: https://wisetek.net/services/data-destruction/

Related Blogs

Are You Still Holding Data?

How ‘GDPR Compliant’ do you think you are?

Lets Talk