Companies are tossing their old tech like crazy lately with all the upgrading going on. But businesses need to make sure they don't throw the baby out with the bathwater -- meaning all that sensitive business data on the old hard drives.
“Never listen to the guy in the pickup who says he'll take your old equipment away for free,” says Gina Chiarella, COO of e-waste disposal company We Recycle!, Inc. “That's the quickest way for your data to end up on a flea market table.”
Getting rid of old technology can be hazardous, since there's very likely sensitive data still on it. Even if you've erased and reformatted, computer hard drives contain loads of data you don't want to let outside of your firewall – e-mails, contracts, planning documents, employees' personal information, credit cards, and much more reside on these hard drives. Besides identity theft, data loss may leave you or your company liable under federal laws such as HIPAA, Sarbanes-Oxley, Graham-Leach-Bliley or under state laws. Criminal penalties include fines and prison terms up to 20 years. Not to mention the civil suits that can result.
As many as 150 million computers are trashed each year, often without having their hard drives erased. According to the U.S. Department of Defense standards, secure deletion requires three complete rewrites on the drive before it's considered clean. But some of the newer forensic data mining technologies could potentially retrieve material that's been treated to even higher levels of erasure. If the wrong people were to gain access to it, they could hurt a business very seriously.
The best way to eliminate data
“Software that overwrites the whole drive, as the DoD recommends, is the best way to eliminate any data left on it,” said Chiarella. “If companies want to dispose of equipment that contains highly sensitive data and they don't trust simply erasing, even when that erasure is considered secure, then they can go all the way and take it to a disposal company that uses a mechanical shredder and have the drives destroyed completely.”
If you intend to reuse or recycle the drive yourself, there is excellent software that will do data erasure securely. Any program used for erasing a hard drive should follow the DoD's clearing and sanitizing standard. A couple of the best are Darik's Boot and Nuke, a free open source application, or Eraser, also free, from Irish software maker Heidi, Ltd. Beginning with Mac OS 10.3, Apple enhanced its security by introducing the Secure Empty Trash feature, which follows the DoD standards, and overwrites data seven times. If that's not secure enough for you, then download the free program Permanent Eraser from Edenwaith Software, which overwrites your data 35 times.
Disposing of hardware
The problems of e-waste are even more complicated than just data security – the EPA estimates that over 220 million tons of old computers and other tech hardware are trashed yearly in the United States. E-waste contains high amounts of dangerous chemicals like mercury, cadmium, lead, and other toxins and carcinogens, and is often illegally exported to other countries where the material may not be disposed of properly. With too little oversight and regulation, much of this toxic waste ends up in places like Nigeria and China, where local populations now have high incidences of birth defects, infant death, cancer, and other illnesses. So what can a small or mid-sized business do when it needs to eliminate old equipment responsibly?
“We recommend organizations deal with a licensed vendor to dispose of their technology,” said Robert Johnson, executive director of the National Association for Information Destruction (NAID), an international trade association for companies providing information destruction services. “A company interested in the quality and security of its data destruction needs to personally inspect the facilities of any disposal firm before dealing with them. Ask about how they manage their own business, and most importantly find out specifically how they dispose of the e-waste.”
“When getting rid of tech equipment,” said Chiarella, small and mid-sized businesses "should also look at the website of the manufacturers of their equipment to see if they offer a 'take back' program for old equipment. OEMs do very good due-diligence to carefully and completely dispose these dangerous materials.”
Sony, Apple, HP, Dell, and Lenovo, as well some other companies, all have programs to take back their products and recycle the materials -- but just for safety, make sure you pull the hard drive for secure erasing or destruction. Check the company websites to find out if this is an option for your equipment. Also check with the Electronics Take Back Coalition for more information on companies offering this service. But while doing the right thing ecologically, make sure it's done securely and carefully. Dealing securely with the disposal of your equipment and data destruction is something you can't afford to scrimp on.
“Cutting corners,” said Chiarella, “is never a good idea with data security. The fee that is associated with managing data destruction is far less than your cost of exposure of that data.”