Before You Get Rid of Your Electronics, Make Sure You Get Rid of Your Data
Where Is Your Important Data Right Now?
Have you ever stopped to think how much important private information is on your cell phone, laptop and other electronic devices? On your cell phone alone you likely have all of your business emails and contacts. You might have an app that stores your passwords for you. You might have your bank account login information saved in your browser for convenience.
This is an eye-opener from an individual perspective, but then think about how much data a large company stores on its customers. It is the company’s duty to protect that data, keep it confidential, and ensure that it does not leak to unauthorized parties.
What Can Happen if My Data Is Breached?
Think about what could occur if that information was to fall into the wrong hands. At best you could be embarrassed; at worst you could have your identity stolen or your business trade secrets revealed. Sensitive emails could be revealed to the press. The leak of customers’ data could lead to litigation. If you work in a privileged capacity, a court could determine that you took that privilege lightly. You could lose legal rights to keep that data confidential in a court proceeding. Members of specific industries, such as healthcare and finance, could also be punished with government regulatory fines in addition to any civil suits from those whose data was breached.
Why Deleting Isn’t Enough
Keep in mind, merely deleting your data isn’t enough. For example, if you just delete a file, it goes to your recycle bin but the data is never really wiped. Even if you “empty” the bin, it can still be recoverable. Think about all of the criminal cases you hear about where the government was able to forensically analyze a computer and put together information that a criminal has painstakingly tried to hide.
Even electronics that you don’t use with the intent to store information permanently may still be saving your information. A good example of this are copy machines that also function as scanners or faxes or even simply those that can print double-sided. Those functions require the device to first view your document, then it has to temporarily store the information it saw while it performs the next task like flipping over the piece of paper. Even though you don’t use that device with the intent of viewing your data, the data is still there and accessible. This is a big problem if it was to fall into the wrong hands.
One way data lingers is through the concept of ‘slack space’. Files are made up of many little micro-parts. When a file is deleted the microparts stay put until new data is saved in that same spot. It’s more efficient to simply leave the old parts of the file on the disk than constantly be deleting them and it keeps hardware like hard drives from undergoing excessive wear and tear. Even when files are overwritten with new data it is common for parts of the old data to be salvaged.
Old files can often be recovered and put back together like pieces of a puzzle. In order to make sure your data is truly secure upon decommission of your hardware, you need to have it professionally handled.
Electronics Recycling Certifications
Look for companies that hold the right certifications. These include e-Stewards, R2 Responsible Recycling, ISO14001, and NAID:
- Under the NIST-800-88 data security standard, hard drives are overwritten at least SEVEN (7) times before the products are physically dismantled.
- R2 is the EPA’s voluntary standard that stands for responsible recycling. It must be granted by an accredited certification body. R2-complaint companies follow generally-accepted data destruction practices, safe storage practices, and have a comprehensive security program.
- The E-stewards certification was developed by BAN, the Basel Action Network. It is the highest standard available for globally responsible recycling and data security.
- NAID-certified electronic equipment recyclers are independently audited on a per-location basis to ensure they destroy all consumer information from all equipment that passes through their doors.
Responsible Data Destruction
New York and many other states are starting to make electronics recycling mandatory. It is imperative that when you recycle your electronic equipment that you utilize a company that will protect your confidential data and the data of your customers by performing the highest level of data destruction on decommissioned IT equipment.
Make sure you are using a reputable and certified electronics recycling company when you perform your electronic recycling and you will not fall foul to the laws regarding the safe and secure disposal of personal data.