KLDiscovery, the data recovery and ediscovery services leader, advises caution to businesses on International Recycling Day (17th May). Being green and recycling equipment is an admirable objective, but it’s vital to destroy the data that is stored on your disused servers, laptops, computers and mobile devices if it is not to be at risk of falling into the wrong hands.
In the UK disposal of electronic equipment is the fastest growing waste stream, with an estimated two million tonnes of electrical and electronic waste disposed of each year. With this amount of waste recycling old or unwanted equipment has to be a good thing to do especially for companies that have a lot of unwanted electrical equipment. It keeps old computers, servers and smartphones out of landfill sites and it means that new products don’t rely so heavily on raw materials as some of the old materials or even parts from previous models can be reused.
Most electrical equipment can be recycled from servers and desktops to laptops and smartphones but should be done through appropriate channels as can be found via DEFRA or even sending back equipment to the manufacturer. Dell, HP and O2 all offer these services.
Legislation on the disposal of electrical equipment is enforced from Europe in the form of the Waste Electrical and Electronic Equipment Directive and with overlap from the Waste Acceptance Criteria issued by DEFRA in the UK, but often during the recycling or disposal process the Data Protection Act 1998 is overlooked.
Discard equipment and data responsibly
KLDiscovery and its partner Blancco recently undertook a research study called Privacy for Sale to find out how much data could be found on second-hand devices. Researchers examined 122 pieces of second-hand equipment, and found that 48 per cent of hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved from 35 per cent of the mobile devices.
Upon closer examination, researchers discovered that a deletion attempt had been made on 57 per cent of the mobile devices and 75 per cent of the drives that contained residual data, showing that even returning devices to factory settings does not necessarily erase personal information.
Phil Bridge, Managing Director of KLDiscovery, commented: “Businesses go to great lengths to protect data in equipment they are currently using via encryption, backups, and redundant systems but often the data which has been protected so carefully is easily stolen from disused equipment if not properly destroyed. If the data was once worth protecting it is worth permanently deleting and businesses in particular need to make sure they dispose of data as carefully as they protected it.”
Recommended top methods for destroying data:
When recycling your old equipment
Erasure software – the software overwrites random binary sequences over existing data. This is done several times to minimise the risk of any data recovery. Beware though that different media devices (HDD, SSD, Flash) may need different techniques to successfully delete the data.
When throwing your equipment away with no possibility of reuse
Degaussing – this method works on devices reliant on magnetic opticals. It ensures rapid deletion through a demagnetisation process. This method is best used for damaged media or devices which will not be reused.
For more detailed information on sanitising devices, consult this secure deletion guide book. As with all things regarding sensitive data, if there is any uncertainty, it is always best to ask an expert. Nobody wants to risk their business sensitive data falling into the wrong hands by letting security fail at the very last step of the data lifecycle.