IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Why the physical destruction of data is outdated and dangerous

Organisations are needlessly creating millions of tonnes of e-waste every year, says Fredrik Forslund

data destruction

According to a recent United Nation's report, 2018 will generate 50 million tonnes in discarded electronics, with only 20%, or 8.9 tonnes, expected to be properly recycled or re-used. With this trend expected to continue, and with ever-increasing levels of technology innovation and ever-shortening product lifespans, something must be done.

To fully tackle and reverse this trend, consumers and businesses alike must be comfortable with the idea of redeploying, selling or donating their old hardware when a product refresh occurs. This means they must feel comfortable in doing so from a security standpoint.

Right now, because of a lack of knowledge around reliable data erasure methods, too many companies and individuals choose to physically destroy their old and unused IT hardware, citing data privacy concerns and the belief that physical destruction will ensure no residual data is left behind.

Rising pollution and falling revenues

As a direct consequence of their actions, organisations are not only polluting the planet, but also failing to generate revenue from their legacy hardware and denying others access to second-hand hardware that might perfectly meet their needs. This also has the secondary consequence of requiring higher levels of production of new IT equipment, which brings its own sustainability concerns.

It's the channel's responsibility to highlight not only the financial consequence of this way of thinking, but the environmental impact as well. If organisations were to implement a data erasure program where possible instead of unnecessary physical destruction, they could ensure regulatory compliance while being able to resell their IT assets when reaching end of life.

recent survey found that 64% of IT professionals were unable to identify the correct definition of data sanitisation (the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable). On top of this, media reports and data recovery studies have repeatedly proven just how easy and common it is for data to be recovered, and how dangerous that might be for an organisation - all because devices were not sanitised before they were discarded, recycled, traded in or resold.

Misconceptions of what constitutes 'deleted data' may stem from the fact that deleting information from a drive clears the device's space for normal use. The data is not easily accessible under ordinary routine procedures, but for the determined and tech literate, there are still many techniques which can be used to retrieve sensitive 'deleted' data.

Deleting data under GDPR

Every time a data breach occurs, it acts another incentive for companies to opt for physical destruction over recycling, refurbishment or reuse. However, considering the benefits of erasing data properly, there is no need for any organisation to contribute to the massive e-waste problem. Or to eliminate a potential revenue stream and hurt its own bottom line.

Instead of "wiping," clearing" or "resetting," organisations should implement complete data sanitisation. A device that has been sanitised has no usable residual data, and even with the assistance of advanced forensic tools, cannot ever be recovered.

With the impending EU GDPR changes, the consequences of failing to properly dispose of data can be severe. This may include loss of customer data, costs incurred from disclosing a breach, and an impact on customer satisfaction. Fines for failing to appropriately process unnecessary personal data and leaving it vulnerable to a breach have risen to £20 million or 4% of a company's annual turnover, depending on whichever is higher. With data erasure, organisations can erase data in active or inactive environments prior to physical destruction and asset decommissioning processes to ensure, beyond a doubt, that data is gone for good.

Software-based data sanitisation is a more cost-efficient, secure and environmentally-friendly methodology. Channel partners play a major role in communicating this message and ensuring end-users are aware of its benefits.

Fredrik Forslund is vice president of enterprise & cloud erasure at Blancco Technology Group

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Darktrace partners with HackerOne to bring AI to attack resistance
cyber security

Darktrace partners with HackerOne to bring AI to attack resistance

11 Aug 2022
Waterstones suffers stock nightmare after botched IT upgrade
digital transformation

Waterstones suffers stock nightmare after botched IT upgrade

10 Aug 2022
Barclays strikes deal with Microsoft to migrate staff to Teams
collaboration

Barclays strikes deal with Microsoft to migrate staff to Teams

10 Aug 2022
Logicalis snaps up UK-based IT consultancy Q Associates
mergers and acquisitions

Logicalis snaps up UK-based IT consultancy Q Associates

9 Aug 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022