Information Security – the Importance of Certified Data Destruction
There are serious ramifications if sensitive company data falls into the wrong hands. Many organisations have been prosecuted under the recently updated 1998 Data Protection Act.
The 1998 Data Protection Act, a variety of compliance standards (ISO27001, PCI DSS, etc.) and other legislative requirements make it mandatory to adopt appropriately robust security measures. Organisations also have a responsibility to prevent unauthorised access to, alteration of, or accidental loss or destruction of personal data. Failure to remove personal data from a computer’s hard drive may result in Crown Court prosecution and unlimited fines, which may include personal compensation claims.
The only way to permanently destroy data without physically destroying the hard disk is to overwrite it multiple times, generating and recording random characters across the entire surface of the drive, so that all data is destroyed and file sizes are reset to zero.
There is an increasing number of standards, including the American military standard DOD 5220.22-M and Infosec Enhanced Standard 5. In essence, these standards dictate that the drive has to be overwritten a minimum of 3 times.
WEEE Shred UK uses the latest CESG-approved overwriting software, which exceeds this standard and allows us to overwrite our customers’ hard drives up to a maximum of ninety-nine times. In the event that a hard disk cannot be data erased, or if it is below 40GB, the drive will be shredded. All company references, including permanent security markings, will be removed from equipment.
For highly sensitive data, WEEE Shred UK offers an on-site hard drive destruction service, where customers can witness their own drives being destroyed on their premises. Our portable hard drive destruction unit is the only device of its type to be CESG approved. The crusher can destroy over 100 drives per hour and guarantees total hard drive destruction. It runs on standard electricity and can be used in an office environment with little or no disruption to surrounding staff.
There have been a number of high-profile cases over the years where leading companies have fallen foul of the Data Protection Act by allowing sensitive and/or privileged information to reach the public domain. In most cases this can be traced back to the IT disposal company, which simply did not take appropriate measures to erase or safeguard its clients’ information.
Our data erase software is one of only 3 that are CESG approved, and our wiping process meets the highest recognised standards in the UK. We produce a certificate for every hard drive detailing the drive’s make and serial number.
Under the WEEE Directive you still cannot dump redundant electronic equipment, so you will have to engage the services of a reputable IT disposal company. In addition to your recycling responsibilities, you must adhere to the Data Protection Act and ensure that all data is wiped and certified.