Chances are, you are not thinking about hard disk drive disposal when it’s time to get a new computer. You’re so excited about that new system that your old, clunky tower just sits in your office and eventually gets moved into the dumpster. In today’s digital age, however, it’s more important than ever to be vigilant when it comes to confidential data and proper disposal of hard disk drives. If not disposed of correctly (including sanitization), both you and your company are at risk for identity theft and privacy breaches.
Let’s remember that an unfathomable amount of sensitive data is stored on hard disk drives all over the world. So, what happens to all that sensitive information on retired or redeployed hard drives? In short, a lot of headaches and possible financial loss. Companies may face extreme financial and legal issues and endure major damage to their reputation. In May of 2009, insurance company Health Net was ordered to pay $250,000 in damages to more than 1.5 consumers after the loss of a hard disk drive containing sensitive information about them was exposed. Health Net was also required to implement “corrective” measures to ensure the incident would never be repeated. It is clear that when a privacy breach occurs, the negative consequences are almost endless.
In fact, there have been several instances over the years in which confidential information was compromised due to negligence on the part of the people responsible for disposing of the hard drives. A few years ago, another case popped up in the media about the discovery of a hard disk drive formerly used by a Northrop Grumman employee which was found on the open market in Ghana. The drive contained hundreds of sensitive documents about the U.S., including contracts with the Defense Intelligence Agency, NASA, and the TSA.
Businesses are not the only ones at risk. Private individuals expose themselves to identity thieves and data breaches daily when they dispose, sell, or give away their old computer systems without properly sanitizing them.
So, what exactly is “sanitization?”
Data sanitization is just one of several terms used to describe various techniques used to render data on a hard drive irretrievable, unreadable, and unusable. Other terms you might hear floating around are “clearing,” “purging,” “wiping,” “overwriting,” and simply “erasing.”
In the face of all of the risks described above, the U.S. government has acted to protect consumers by implementing the following regulations on a number of industries to make sure private consumer information is never exposed:
• FACTA (The Fair and Accurate Credit Transactions Act of 2003) includes regulations governing the proper disposal of consumer information for financial institutions.
• GLB (Gramm-Leach-Bliley) also covers financial institutions.
• HIPAA (Health Insurance Portability and Accountability Act) includes standards on the security and privacy of health data in the health care and health insurance industries. Under this act, covered entities must “ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains or transmits.”
• PCI DSS (Payment Card Industry Data Security Standard) covers the credit card industry.
• SOX (Sarbanes-Oxley Act) applies to all public US companies.
• FERPA (Family Educational Rights and Privacy Act) protects the privacy of student education records for all schools funded by particular programs of the US Department of Education.
Aleratec offers hard drive disk duplicators that have the ability to simultaneously sanitize up to 11 hard disk drives using Secure Erase, a NIST 800-88 accepted form of sanitization, or one of three different overwrite algorithms, including a powerful 7-pass wipe, which is recommended by the Department of Defense 5220.22-M specification. You can find our hard drive disk duplicators here.