Since the GDPR came into force in 2018, there has been a lot of focus on the importance of ensuring that paper documents containing sensitive data are properly disposed of. However, while this remains a key consideration for compliance with data privacy regulations, it’s not the only one. In fact, it’s just as important to focus on safely disposing of hard drives and other media too. These can create just as much exposure for your business if they fall into the wrong hands.
Hard drives and media – what do you need to consider?
There are a range of different items in your business that could present a risk if they are not being properly disposed of. These include:
- Hard Drives
- CDs & DVDs
- USB Memory sticks & SIM Cards
- Microfishe & Floppy Disks
- Video or Cassette Tapes
All of the above may contain digital versions of documents and data that could be retrieved if they are not fully destroyed.
Technology has evolved considerably in recent years and, as a result, many hard drives and business media items are much harder to destroy. We often make assumptions about data being ‘safe’ simply because it has been erased or is kept on the premises and this often leads to some common mistakes when it comes to media and hard drives.
- DIY destruction. Ensuring the complete destruction of a hard drive or other media is something that should be left to the professionals. You might feel good taking a hammer to a laptop that is no longer required but there is no guarantee that someone with the right skills wouldn’t still be able to retrieve something essential from it.
- Holding on to items for safekeeping. Stockpiling old hard drives and other media, even if they are in a locked room, won’t ensure that the data they contain is safe from someone who might find it useful to steal it.
- Erasing simply doesn’t work. In fact, a recent survey of around 200 second hand hard drives found that, although they had all been erased, 67% still contained personally identifiable information.
- Recycling isn’t secure. If you’re sending old media and hard drives off to be recycled then that’s a positive step in terms of environmentally friendly policies. However, it’s important to bear in mind that many recycling processes are not secure – you have no idea who could access the items, and their data, before they are recycled and that presents a risk.
Perhaps the biggest mistake that any business makes when it comes to used hard drives and media is simply to do nothing with them. Most will contain at least some key business data that can be used by a clever third party looking to take advantage of a vulnerability. It’s essential to implement a secure disposal policy, working with a hard drive and media shredding partner - using screened and vetted security personnel - who will collect items from your premises for destruction to minimise risk.
Get in touch today to discuss your shredding requirements