Electronics
Data Destruction Best Practices for Computer Recycling
For all companies involved in electronics recycling, it is very important to provide the correct data destruction services for each client. Knowing the industry standards and norms will help protect the reputations of electronic recyclers and their corporate customers.
Elizabeth C. Wilmot
A significant part of recycling computers is destroying the hard drives. Corporations regularly ask about the industry standards and norms for hard drive destruction since the updated NIST 800-88 guidelines are vague. NIST is the National Institute of Standards and Technology, a Department of Commerce agency (see Information Technology Laboratory sidebar). This article will discuss a set of clear recommendations and best practices in conjunction with privacy and security issues.
Crushing
Crushing is recommended for small companies (one to 20 employees) with no sensitive information on the hard drives. Sensitive information includes credit cards or social security numbers. Price is the most important factor for these companies. Small service companies that store their customers’ intimate data like accounting firms, law firms and medical offices should not use this option.
Shredding to Strips
This method is for small companies with sensitive information on the hard drives, including credit cards or social security numbers. Price is an important factor for these companies but they also realize the potential liability that could occur if data is released. Small service companies that store their customers’ intimate data like accounting firms, law firms and medical offices should not use this option as data is recoverable from hard drives which are only shredded into strips.
Shredding to 30mm Pieces (About the Size of a Quarter)
Any company with sensitive information on their hard drives should consider this method. Sensitive information includes any type of personal or financial information including customer information and corporate transactions and records. These companies realize the huge potential liability that could occur if data is released which can easily happen if the hard drive is only shredded into strips. In addition to the potential civil and criminal liabilities, these companies understand that their corporate brand is worth protecting. This is appropriate for most companies.
Shredding to 10mm Pieces (About the Size of a Dime)
Large and mid-sized companies with extremely sensitive and confidential information on the hard drives regularly choose this option. These are typically banks or defense contractors who absolutely understand the consequences of a data breech. These companies realize the huge potential liability that could occur if data is released. In addition to the potential civil and criminal liabilities, these companies understand that the information on their hard drives is one of the most important assets of their company. They have no tolerance for any type of data leak.
For all companies involved in electronics recycling, it is very important to provide the correct data destruction services for each client. Civil, criminal and monetary punishments have become much more severe as the emphasis on protecting customer’s information and privacy has become a national issue. Knowing the industry standards and norms will help protect the reputations of electronic recyclers and their corporate customers.
Elizabeth Wilmot is President of Turtle Wings/Data Killers (Washington, D.C.) with locations nationwide. The company has been in the business of recycling electronics since early 2005. Turtle Wings is an ISO certified, woman-owned, HUBzoned company holding multiple GSA contracts. Turtle Wings/Data Killers offers onsite data destruction services nationwide with the ability to cut to 10mm and 30mm sizes. For more information, call (301) 583-8399 or visit www.DATAKILLERS.com.
Sidebar
Information Technology Laboratory
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include developing technical, physical, administrative, and management standards and guidelines for cost effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance and outreach efforts in computer security and its collaborative activities with industry, government and academic organizations.
—National Institute of Standards and Technology