IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Why the physical destruction of data is outdated and dangerous

Organisations are needlessly creating millions of tonnes of e-waste every year, says Fredrik Forslund

data destruction

According to a recent United Nation's report, 2018 will generate 50 million tonnes in discarded electronics, with only 20%, or 8.9 tonnes, expected to be properly recycled or re-used. With this trend expected to continue, and with ever-increasing levels of technology innovation and ever-shortening product lifespans, something must be done.

To fully tackle and reverse this trend, consumers and businesses alike must be comfortable with the idea of redeploying, selling or donating their old hardware when a product refresh occurs. This means they must feel comfortable in doing so from a security standpoint.

Right now, because of a lack of knowledge around reliable data erasure methods, too many companies and individuals choose to physically destroy their old and unused IT hardware, citing data privacy concerns and the belief that physical destruction will ensure no residual data is left behind.

Rising pollution and falling revenues

As a direct consequence of their actions, organisations are not only polluting the planet, but also failing to generate revenue from their legacy hardware and denying others access to second-hand hardware that might perfectly meet their needs. This also has the secondary consequence of requiring higher levels of production of new IT equipment, which brings its own sustainability concerns.

It's the channel's responsibility to highlight not only the financial consequence of this way of thinking, but the environmental impact as well. If organisations were to implement a data erasure program where possible instead of unnecessary physical destruction, they could ensure regulatory compliance while being able to resell their IT assets when reaching end of life.

recent survey found that 64% of IT professionals were unable to identify the correct definition of data sanitisation (the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable). On top of this, media reports and data recovery studies have repeatedly proven just how easy and common it is for data to be recovered, and how dangerous that might be for an organisation - all because devices were not sanitised before they were discarded, recycled, traded in or resold.

Misconceptions of what constitutes 'deleted data' may stem from the fact that deleting information from a drive clears the device's space for normal use. The data is not easily accessible under ordinary routine procedures, but for the determined and tech literate, there are still many techniques which can be used to retrieve sensitive 'deleted' data.

Deleting data under GDPR

Every time a data breach occurs, it acts another incentive for companies to opt for physical destruction over recycling, refurbishment or reuse. However, considering the benefits of erasing data properly, there is no need for any organisation to contribute to the massive e-waste problem. Or to eliminate a potential revenue stream and hurt its own bottom line.

Instead of "wiping," clearing" or "resetting," organisations should implement complete data sanitisation. A device that has been sanitised has no usable residual data, and even with the assistance of advanced forensic tools, cannot ever be recovered.

With the impending EU GDPR changes, the consequences of failing to properly dispose of data can be severe. This may include loss of customer data, costs incurred from disclosing a breach, and an impact on customer satisfaction. Fines for failing to appropriately process unnecessary personal data and leaving it vulnerable to a breach have risen to £20 million or 4% of a company's annual turnover, depending on whichever is higher. With data erasure, organisations can erase data in active or inactive environments prior to physical destruction and asset decommissioning processes to ensure, beyond a doubt, that data is gone for good.

Software-based data sanitisation is a more cost-efficient, secure and environmentally-friendly methodology. Channel partners play a major role in communicating this message and ensuring end-users are aware of its benefits.

Fredrik Forslund is vice president of enterprise & cloud erasure at Blancco Technology Group

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Google unveils new Assured Open Source Software service
open source

Google unveils new Assured Open Source Software service

18 May 2022
Malwarebytes hires new channel chief to lead MSP and partner network
Managed service provider (MSP)

Malwarebytes hires new channel chief to lead MSP and partner network

18 May 2022
Palo Alto and Deloitte to deliver managed security services in the US
Managed service provider (MSP)

Palo Alto and Deloitte to deliver managed security services in the US

17 May 2022
US and EU thrash out plans to avert chip production “subsidy race”
Hardware

US and EU thrash out plans to avert chip production “subsidy race”

17 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022