Most people don’t destroy hard drives on a regular basis, so there’s a lot that’s unknown about the practice. Many myths circulate when it comes to which steps are sufficient for safely destroying a hard drive and minimizing the risk of a data breach. Here are a few of the most common myths about hard drive destruction, as well as the truth behind them.
Myth 1: If destruction guidelines don’t apply to your business, you shouldn’t worry about them.
Data destruction protocols vary based on the nature of a business and its location. In Canada, for example, the Canadian Consumer Privacy Protection Act (CPPA) is currently being developed and may affect businesses’ data destruction practices. The new statutory framework, if passed, will repeal and replace Part I of the Personal Information Protection and Electronic Documents Act (PIPEDA). While we have yet to see the specifics of CPPA, it appears that organizations will have to demonstrate how they mitigate risks associated with collecting and using personal information, which could include data destruction.
Other nations also have their own privacy protection legislation in place. The EU has a set of data destruction regulations under the General Data Protection Regulation (GDPR). In the U.S., the FTC’s Disposal Rule applies to banks and other lenders, law firms, landlords, employers, government agencies, and any company or organization that pulls credit reports. This rule calls for the proper elimination of private information to minimize the risk of unauthorized access or use. U.S. healthcare organizations must also comply with HIPAA, which calls for shredding or otherwise destroying paper documents and destroying or erasing electronic files.
Regardless of whether any data destruction laws apply to your business, it’s best to act as if your company could have personal data in its possession. There’s always the possibility you could have personally identifiable information, such as customers’ phone numbers, addresses, or other data on your devices. Acting as if this information could be present and following proper data destruction protocols could protect your business against serious legal and reputational ramifications.
Myth 2: Your business is unlikely to be a target for theft.
Many small business owners fall for this myth. You may not think your business would have information that would be attractive to a cybercriminal, but it’s impossible to know what information they might want or how they’d use it. Even if you don’t have credit card numbers or other seemingly valuable data, proper hard drive destruction will minimize the risk that any future data breaches could be traced back to your business.
Myth 3: Only computers call for hard drive destruction.
Most offices are rich with stores of information on devices that often go overlooked. Besides computers, virtually all IT equipment holds some data. Even printers and scanners hold data from images that have been printed. For this reason, be sure to include copiers, fax machines, phones, and cash registers in your IT asset disposition (ITAD) plans.
Myth 4: Overwriting or reformatting data is enough.
Erasing, overwriting, or reformatting data on your own won’t be sufficient for ensuring information is truly irretrievable. A factory reset can certainly make data more challenging to access, but experienced cybercriminals can still recover it from traces left behind. The only ways to destroy data so that no information remains are professional data wiping through certified protocols or physical hard drive shredding performed by a company certified in data destruction practices.
Myth 5: You can perform physical hard drive destruction yourself.
It may be tempting to just take a sledgehammer to your computer, and it’s possible that approach could render data irretrievable. Yet your business could face serious fines for hazardous waste disposal. Hard drives contain heavy metals, which can be toxic to the environment if simply thrown away in the trash. Plus, there’s the possibility that you may need a certificate of data destruction in the future. Unless you’ve received one from a certified ITAD company, your company could come under scrutiny from regulatory agencies.
One final myth is that just anyone can take your hard drives and dispose of them safely. For the utmost level of security, turn to an ITAD provider with the highest qualifications in data security — Quantum Lifecycle.