Why the physical destruction of data is outdated and dangerous
Organisations are needlessly creating millions of tonnes of e-waste every year, says Fredrik Forslund
According to a recent United Nations report, 2018 will generate 50 million tonnes in discarded electronics, with only 20%, or 8.9 tonnes, expected to be properly recycled or re-used. With this trend expected to continue, and with ever-increasing levels of technology innovation and ever-shortening product lifespans, something must be done.
To fully tackle and reverse this trend, consumers and businesses alike must be comfortable with the idea of redeploying, selling or donating their old hardware when a product refresh occurs. This means they must feel comfortable in doing so from a security standpoint.
Right now, because of a lack of knowledge around reliable data erasure methods, too many companies and individuals choose to physically destroy their old and unused IT hardware, citing data privacy concerns and the belief that physical destruction will ensure no residual data is left behind.
Rising pollution and falling revenues
As a direct consequence of their actions, organisations are not only polluting the planet, but also failing to generate revenue from their legacy hardware and denying others access to second-hand hardware that might perfectly meet their needs. This also has the secondary consequence of requiring higher levels of production of new IT equipment, which brings its own sustainability concerns.
It's the channel's responsibility to highlight not only the financial consequence of this way of thinking, but the environmental impact as well. If organisations were to implement a data erasure program where possible instead of unnecessary physical destruction, they could ensure regulatory compliance while being able to resell their IT assets when reaching end of life.
A recent survey found that 64% of IT professionals were unable to identify the correct definition of data sanitisation (the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable). On top of this, media reports and data recovery studies have repeatedly proven just how easy and common it is for data to be recovered, and how dangerous that might be for an organisation - all because devices were not sanitised before they were discarded, recycled, traded in or resold.
Misconceptions of what constitutes 'deleted data' may stem from the fact that deleting information from a drive clears the device's space for normal use. The data is not easily accessible under ordinary routine procedures, but for the determined and tech-literate, there are still many techniques which can be used to retrieve sensitive 'deleted' data.
Deleting data under GDPR
Every time a data breach occurs, it acts as another incentive for companies to opt for physical destruction over recycling, refurbishment or reuse. However, considering the benefits of erasing data properly, there is no need for any organisation to contribute to the massive e-waste problem, or to eliminate a potential revenue stream and hurt its own bottom line.
Instead of "wiping," "clearing" or "resetting," organisations should implement complete data sanitisation. A device that has been sanitised holds no usable residual data: nothing can be recovered from it, even with the assistance of advanced forensic tools.
With the impending EU GDPR changes, the consequences of failing to properly dispose of data can be severe. This may include loss of customer data, costs incurred from disclosing a breach, and an impact on customer satisfaction. Fines for failing to appropriately process unnecessary personal data and leaving it vulnerable to a breach have risen to £20 million or 4% of a company's annual turnover, whichever is higher. With data erasure, organisations can erase data in active or inactive environments prior to physical destruction and asset decommissioning processes to ensure, beyond a doubt, that data is gone for good.
Software-based data sanitisation is a more cost-efficient, secure and environmentally-friendly methodology. Channel partners play a major role in communicating this message and ensuring end-users are aware of its benefits.
Fredrik Forslund is vice president of enterprise & cloud erasure at Blancco Technology Group