Alison Leslie Sep 23, 2020 10:05:22 AM 5 min read

Secure Data Destruction - Data Erasure

Data erasure (sometimes referred to as data clearing, data wiping, or data destruction) is a software-based method of overwriting the data that completely destroy all electronic data residing on a hard disk drive or other digital media by using zeros and ones to overwrite data onto all sectors of the device. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitization. This method of data erasure allows companies and users to contribute to the circular economy while gaining re-marketing value from the wiped assets. Physical destruction techniques do not afford the same sustainability feature.

Strict industry standards and government regulations are in place that force organizations to mitigate the risk of unauthorized exposure of confidential corporate and government data. Regulations in the United States include HIPAA (Health Insurance Portability and Accountability Act); FACTA (The Fair and Accurate Credit Transactions Act of 2003); GLB (Gramm-Leach Bliley); Sarbanes-Oxley Act (SOx); and Payment Card Industry Data Security Standards (PCI DSS) and the Data Protection Act in the United Kingdom. Failure to comply can result in fines and damage to company reputation, as well as civil and criminal liability. Reputable ITAD companies who offer these services demonstrate compliance to the standards by obtaining certification to demonstrate a commitment to the data security of those they serve. Certifications for this industry include NAID (National Association of Information Destruction) is the most highly sought-after certification for those seeking a provider for data destruction.

 

Software used by reputable ITAD providers meet specific industry standards and is thoroughly audited on a regular basis by both the provider and an impartial third-party assessor. Certification such as NAID require rigorous screenings of overwriting methods to ensure constant efficacy and dependability at a digital and physical level. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to the data disk sectors and make the data recovery possible with common software tools. Software-based overwriting uses a software application to write a stream of zeros, ones, or meaningless pseudo random data onto all sectors of a hard disk drive. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach, identity theft or failure to achieve regulatory compliance. Many data eradication programs also provide multiple overwrites so that they support recognized government and industry standards, though a single-pass overwrite is widely considered to be sufficient for modern hard disk drives. Good software should provide verification of data removal, which is necessary for meeting compliance standards.

 

Information technology assets commonly hold large volumes of confidential data. Social security numbers, credit card numbers, bank details, medical history and classified information are often stored on computer hard drives or servers. Leaving these assets in the hands of inexperienced, unprofessional, or incapable individuals or providers can leave a company open to substantial liability.

COMMENTS