Data will play an increasingly important role in every business. As more learning and working has shifted to remote settings over classrooms and offices, the amount of data created, captured, consumed, and copied will only continue to surge. According to Statista, the amount of data replicated and created reached a new high in 2020. As such, we can expect more and more companies to invest ample time, money, and energy into acquiring and analyzing data.
However, there is a limit to how much data a business should keep. While it is important to keep data archives, you should dispose of obsolete data, and data-bearing devices, by destroying or wiping your drives. This does not mean you should shred or dump your old computers in a junkyard, which has implications for both security and the environment. Instead, ensure that you are using secure data destruction methods by working with a certified IT asset disposition (ITAD) provider. Certified data destruction services are the key to knowing that the information stored on your hard drives and other equipment are completely removed from every single unit you recycle, rendering it completely unrecoverable and unreadable.
Read on to learn about certified data destruction and the benefits it offers.
What Is Certified Data Destruction?
IT asset disposition and data destruction refers to the process of securely disposing of computer hardware, destroying data that is no longer needed, and producing documentation with evidence of proper disposal. Certified data destruction indicates that the ITAD provider has been inspected and qualified by a third-party body that sets industry standards for data destruction and environmental health and safety practices. Not all electronics recyclers operate with certifications – this is one of the very first things any organization should vet for!
Disposing of your electronics the right way is just one step; typically, you’ll need proof that everything was done properly. That means documentation. The most basic form of documentation you can request is a Certificate of Destruction, for electronics that are being shredded in bulk and recycled for materials. A certified electronics recycler can provide you with more thorough documentation on a unit-by-unit level, known as a data destruction audit. If your organization is affected by regulations concerning the downstream of your hazardous waste and your liability for sensitive data, this extra level of security can be beneficial in the event of an audit or investigation.
Data destruction can happen two ways: by physically destroying the device in a shredder, or by digitally sanitizing it – shredding the data from within. Shredding yields a recyclable product and a Certificate of Destruction, while a sanitized device can be put back into service. Because sanitizing means handling and testing each unit individually, this process creates a detailed log of every asset. These reports verify that your company has upheld its responsibilities to protect its clients’ data with details such as:
- Client name
- Report number or ID
- Equipment or software serial number
- Model or brand of equipment used in the destruction process
- RAM size
- Serial and model numbers for the hard drive disks (HDDs)
- HDD size
- Disk sanitizing method
- Number of bad sectors
- Number of passes done
After the company has sanitized all of your data, equipment that is still serviceable can be refurbished and prepared for a second life. Since all of the data is guaranteed to have been destroyed, it can be sold and reused by someone else without your data getting leaked into a stranger’s hands. This makes certified data destruction an environmentally-friendly process with a lower carbon footprint than recycling alone.
4 Benefits of Certified Data Destruction
Certified data destruction offers many benefits, including maintaining compliance, avoiding expensive security breaches, and more.
However, not every organization needs to have its data destroyed in such a secure manner. For instance, if the electronics you’re recycling transmit but don’t store data, or if you only have a small volume of units to dispose of, you may not need the extra peace of mind certified data destruction services. If you’re in an industry that requires you to protect your clients’ or your own data, you should consider hiring a certified data destruction company.
Here are four major benefits of certified data destruction services.
1. Maintain compliance
One of the main benefits of certified data destruction is maintaining compliance. This is a particularly relevant and important benefit for companies in heavily-regulated industries such as medicine, law, finance, and education.
For instance, medical organizations have to take extra precautions to protect certain medical information due to the Health Insurance Portability and Accountability Act (HIPAA). This protected information includes clients’ treatment information, diagnoses, prescription information, medical test results, and personal information such as gender, contact numbers, ethnicity, and national identification numbers. Failing to protect this information can result in loss of licenses, heavy fines, and even prison time.
As such, you should never dump your computers or hard drives at a garbage yard or waste depot, or try to wipe and sell them yourself online — this will likely lead to data leaks and other cybercrimes. Instead, you should hire a reputable IT asset disposition company to help you dispose of old hard drives and computers. When choosing an ITAD partner, be sure to pick one with the certifications you are looking for. For instance, if your company is based in the U.S., you should look for a company that performs data destruction according to U.S. state and federal laws. Laws that regulate a business’s exposure to liability for private data include:
- Health Insurance Portability and Accountability Act (HIPAA): HIPAA requires companies to take extra precautions when protecting information known as personal health information (PHI). PHI includes clients’ treatment information, diagnoses, prescription information, medical test results, and personal information such as gender, contact numbers, ethnicity, and national identification numbers.
- Family Educational Rights and Privacy Act (FERPA): FERPA is a federal law that regulates and protects the privacy of student education records. To comply with FERPA standards, your data destruction company needs to use proper ways to destroy sensitive student data when it’s no longer needed.
- Federal Trade Commission’s Disposal Rule: This rule requires companies to dispose of information in consumer records and reports properly to protect against “unauthorized access to or use of the information.” It applies to consumer reports as well as information derived from consumer reports.
- Gramm-Leach-Bliley Act (GLBA): The GLBA requires companies to explain how they protect and share personal information. It also protects financial non-public personal information (NPI).
- The Fair and Accurate Credit Transactions Act (FACTA): This is a federal law enacted to enhance consumer protections and guard against identity theft. Penalties for willful violations can go up to billions of dollars, so make sure your data destruction company is destroying all personal information properly. Otherwise, your customers’ personal credit card information may end up in the wrong hands, leading to identity theft.
- California Consumer Privacy Act (CCPA): The CCPA is a California state law that enhances consumer and privacy rights for residents of California. It gives California residents the right to delete personal information collected from them and the right to know about how a business uses and shares their information. Due to the CCPA’s high standards, it’s a good idea for you and your data destruction company to destroy digital data after you’ve met the CCPA’s retention requirements. Further, even if you’re not located in California, you need to consider the CCPA if your company meets one or more of the following requirements:
- Has annual gross revenues of more than $25 million
- Buys or sells, or receives or shares the personal information of 50,000 or more California residents for a commercial purpose
- Makes 50% or more of annual revenues from selling personal information
- Identity Theft and Assumption Deterrence Act: You need to make sure your data destruction company destroys your customers’ personal information according to this act so their personal information won’t be used to commit crimes. This act doesn’t just criminalize identity theft, but it also imposes harsh punishments on people who use stolen information to commit crimes.
- Sarbanes-Oxley Act: This law makes it a crime to cover up, destroy, or falsify any document to obstruct, impede, or influence any federal investigation or bankruptcy case. As such, you need to make sure that your data destruction company isn’t destroying something it shouldn’t be.
- Other important local, state, and federal regulations that apply to your company, such as the U.S. Safe Harbor Provisions and the Bank Secrecy Act.
Additionally, you should make sure that the data destruction company follows your company’s security standards. Secure IT asset disposition is an extension of your overall IT infrastructure.
2. Avoid an expensive security breach
Guarantee a chain of custody
Certified data destruction services can help you avoid an expensive security breach. Unlike uncertified electronics recyclers, certified ITAD providers are held to standards by their certifying bodies that guarantee a secure chain of custody and a reliable electronic data destruction process.
A chain of custody is an auditable paper trail that provides transparency into the electronic data destruction process. It includes the following details:
- What was done
- Who did what, and who was the assigned project manager
- When certain steps of the process were started and when they were finished
- A list of all serial numbers involved, including shipping numbers of parts destroyed at another location
- Recording of the destruction process showing the method of destruction
- Written contract(s) that stipulate the scope of the provided service. There can be more than one if the data destruction company hires a third party to assist with data destruction or transport materials to a location.
- A signed Certificate of Destruction that proves compliance with the relevant privacy standards and regulations.
Having a solid chain of custody will help protect your business against potential regulatory fines. It is also a legal obligation for anyone who wants to destroy sensitive data as per HIPAA and other legislation.
Prevent intellectual property theft
Besides protecting your client’s personal data, data destruction services can also help you prevent intellectual property theft. If you do not securely destroy the data contained within electronic devices, third parties such as competitors can use the data stored on discarded devices to make copies of your creations and sell them as their own.
3. Protect your company's reputation
Another reason you should hire a certified data destruction company is to protect your company’s reputation. By choosing a company that guarantees certified data destruction and maintains industry standards, you are telling the public that:
- You prioritize protecting your clients’ data
- You want to protect your clients’ data from blackmail, identity theft, and other cybercrimes
When choosing a data destruction company, take a look at their certifications.
Cobalt, for instance, holds R2 certification, which is a standard specifically created for electronics recyclers by Sustainable Electronics Recycling International (SERI). Companies with this certification take special care to protect the environment when destroying and disposing of hard disks and other equipment during the data destruction process. Consider hiring a data destruction company that maintains R2 and other similar certifications if you want to boost your company’s environmentally-friendly reputation.
Another certification that can help you protect your company’s reputation is e-Stewards. Created by the Basel Action Network in 2006, e-Stewards is similar to R2. However, it also has additional provisions that apply to international recyclers, making it a good choice if you operate branches or subsidiaries in different countries.
4. Overall peace of mind
Finally, certified data destruction services will give you peace of mind. Not only will a certified data recycler make you and your clients’ private information inaccessible and unusable by third parties, but it will also give you more time to focus on running your business.
This is particularly the case if you choose a company that offers customizable all-in-one solutions. The need to retire and replace equipment is ongoing and cyclical. You want to hire a company that you trust and who follows all the best practices to maintain certification. After hiring such a company, all you have to do is call them, and they will automatically be at your service whenever you retire or replace office equipment. In other words, you do not need to create a new contract with them every time you want to replace or retire a piece of equipment. This enables you to continue providing the best service possible to your clients.
Choose Cobalt for Certified Data Destruction
Choosing the right data destruction company can be difficult, particularly if you are new to the process and have little background knowledge about the different certifications in the field. It can be particularly challenging when you are also dealing with complex regulatory requirements in your industry.
Fortunately, we at Cobalt are here to help. We understand your commitment to your brand, customers, and mission statement and how complex the regulatory environment can be for many industries. As certified data destruction experts, we provide a secure, convenient, and efficient way to dispose of your electronics. We accept:
- Telecommunications equipment, including cell phones, fax machines, smartphones, and desk phones
- Computers, tablets, and laptops
- External storage and hard drives
- Network equipment, including but not limited to routers, switches, modems, and servers
Interested? Contact us today. Our account service manager will walk you through the process of data destruction and tailor services specifically for your needs. We take 100% responsibility and liability for all the materials we recycle and resell, from pick-up to final disposition. We also provide extensive reporting and total transparency to keep you updated on the process.