Edition 113, April 2021

Why Professional and Responsible Data Destruction is Essential for Any Business in 2021

By Kevin Dillon, ERI

In 2021, with cybercrime and data breaches at an all-time high, data destruction should be at the top of any business’s priority list.

For the vast majority of organizations that have papers, storage devices, or electronic items that are no longer needed, it is critical to not just throw them away. In this day and age, we can no longer undervalue the importance of having professional data destruction steps in place.

Go back a decade to 2011. At that point, data and information creation was at around 2 zettabytes. (A zettabyte is a trillion gigabytes.) Now, skip forward to 2021. In just 10 years, the creation of data and information has increased to an estimated 59 zettabytes. This information is stored in clouds, hard drives, USB sticks, and countless other devices.

Many individuals mistakenly believe that restoring an item to factory settings deletes data. Some think that erasing files is enough. Erasing simply removes the paths to the information; it does not destroy the actual data. Some companies take shortcuts when it comes to keeping records and lists of electronic items being recycled. If your business is deleting data in that manner before recycling, donating or selling old electronics, you’re making a potentially dangerous mistake.

Any data containing a company’s intellectual property, or its customers’ or employees’ personal information must be secured for obvious reasons. Before a business disposes of old, unused electronics, professional data destruction is essential.

The first key point that companies need to know is that they should not take the chance and destroy data on their own. Chances are they will not do it correctly or completely. If someone steals information that wasn’t properly destroyed, not only do businesses today face huge fines, they also face significant damage to the company’s reputation.

Damage to a reputation is especially important to consider. It’s estimated that about 60% of small and medium-sized companies that are impacted by a data breach end up going out of business within six months. Partner with a professional data destruction firm and lower the risk of fines and lost business.

In major global companies the single biggest risk today is loss of data, and penalties are now linked to company turnover.

How Much Does a Breach Cost?

Beyond the often irreparable damage done to a company’s reputation after a breach is publicized, fines have become a very real consideration. The fines paid by companies that have suffered a breach vary. For example, if the company manages medical records, improperly destroyed data can violate HIPAA. Fines for HIPAA violations can be as high as $1.5 million.

Financial institutions are bound by the rules of the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act. While FCRA fines can be as high as $3,756 per violation, Gramm-Leach-Bliley Act violations come with penalties of up to $1.1 million. One national health plan was recently ordered to pay fines of $1.2 million for a case where the information of more than 344,000 people was found on copier hard drives that the managed care plan provider had leased. When the provider returned the leased copiers, the information had never been destroyed as HIPAA rules require.

The news is filled with stories of retail giants, financial services companies and social media companies, among other sectors, being hit with multi-million-dollar fines after breaches where their electronic devices may have contained customer information.

Sometimes, fines aren’t immediately proposed, but court-ordered actions are imposed. One Australian bank was found to have lost magnetic storage tapes containing records for upwards of 20 million bank customers. While it believes the tapes were destroyed, the bank didn’t get proof of the destruction. As a result, the bank was ordered to improve its security practices and warned that fines would be next if full compliance was not met.

What Professional Data Destruction Entails

What data destruction methods are used to make sure data is truly destroyed and impossible to retrieve? Whether carried out on site or at a processing facility, data destruction uses three main methods:

Data Destruction Software: Computer programs overwrite the information on drives with strings of numbers that don’t mean anything. Once the overwriting is repeated as many times as the software requires and has a 100% pass rate, the drive can be used again.

Degaussing: Uses high-strength magnetic fields to scramble and erase data from the surfaces of drives. It’s a permanent measure that renders the drive useless. This makes it more secure than software that destroys the data.

Shredding: The drives are placed into giant shredders that chop the item into small fragments. The drive can never be used again, and the metal, plastic, and glass fragments go into the recycling stream for reuse.

Before any of this is done, data destruction companies start the paper trail. An inventory of all devices being managed is developed. It includes the item and serial number.

When devices containing data are sent to a facility for processing, real-time tracking is important. Tracking numbers with the shippers ensure the items’ locations are always known. Tracking continues when a device reaches the facility and moves from one processing area to the next.

After the data is destroyed, and if security protocols permit, items may be refurbished for resale. If there is still life in an electronic item, repairing it and selling it as a refurbished item provides a sustainable solution.

On completion, a certificate of data destruction and/or a certificate of recycling is issued. Businesses should keep this certificate, as it is proof that they took all the right steps to be fully compliant with the current regulations. Companies like the Australian bank mentioned above that don’t have proof have a harder time proving they were compliant and may end up losing money and facing lawsuits.

Professional Data Destruction Keeps Up With Regulatory Changes

The final reason to partner with a professional IT Asset Disposition (ITAD) provider is that complex data and environmental regulations are ever-changing. If you’re not up to date on these changing laws, you could make a costly mistake. Proactive ITAD providers know the laws and make sure they’re always in compliance. It’s less hassle for you and makes sure your data destruction project is done correctly.

Make sure you partner with an ITAD provider that is certified. Look for certifications from NAID AAA, R2, e-Stewards, and ISO 9001. These four are only given to e-recyclers who pass stringent, in-depth audits to guarantee they follow strict processes and laws, use environmentally responsible practices, and maintain security at all stages of data destruction.

ERI is a NAID-certified data destruction company at the highest level of certification (AAA). Our standard processes ensure data is destroyed following one of four levels of data destruction starting with Standard Compliance, which meets NIST 800-88 Rev 1 rules.

Certifications are not the only factor to consider. When selecting an ITAD provider, find out who has partnered with the company in the past. ERI, for example, has helped many of the world’s leading brands with their data destruction and/or e-recycling needs.

Kevin Dillon
As Co-Founder, Chief Marketing Officer and Chief Sales Officer of ERI, Kevin Dillon oversees all of ERI’s corporate sales and marketing efforts, acquisitions and business development. With a pivotal role in building ERI from the ground up, Dillon has helped lead ERI to its current standing as the largest fully integrated electronics and IT asset disposition provider and cybersecurity-focused hardware destruction company in the United States. ERI now has the capacity to process more than a billion pounds of electronic and IT assets annually at its eight certified locations, serves every zip code in the United States, and can support customers in more than 100 countries globally. Learn more at www.eridirect.com.