September 01, 2014
Last week the Information Commissioner’s Office (ICO) issued a £180,000 fine following the loss of a hard drive from a prison in Wiltshire.
The hard drive contained highly sensitive data relating to nearly three thousand prisoners (including details of links to organised crime, health information, history of drug misuse and material about victims and visitors).
Since 2013, the ICO has served five further fines totalling over half a million pounds on organisations that have suffered serious data breaches involving electronic storage devices.
Many British businesses - both large and small - still don’t realise that wiping a hard drive before disposal is not secure enough and that the most effective method is physical destruction. As technology evolves, misconceptions have emerged about hard drive and electronic media security. Even if organisations use software to erase, wipe, reformat and degauss hard drives, they are not guaranteed to be fully protected - confidential data can still be retrieved and end up in the wrong hands.
There are numerous legitimate data recovery companies; however, the expertise and technology they use are inevitably also in the hands of those with less noble intentions than retrieving precious family snapshots or that vital coursework essay stored on the broken hard drive that wasn’t backed up.
Shred-it’s 2014 Information Security Tracker survey discovered that 15 per cent of large organisations and nearly a third of small ones have never disposed of hardware containing confidential data. Despite both the short and long-term negative consequences, many UK businesses choose stockpiling because they don’t know how to deal with the problem and are unaware of the risks to themselves and their customers.
50 per cent of UK businesses surveyed in the 2012 Information Security Tracker mistakenly thought that erasing, degaussing or wiping a hard drive before recycling it was enough to protect their confidential information from being lost or stolen. Another 14 per cent indicated that they simply recycled their old electronic media, making no attempt to safeguard the potentially sensitive information it contained!
This issue is new enough that many companies’ security protocols and procedures don’t account for unused hard drives and electronic media. Instead, businesses often stockpile items with confidential information on them indefinitely, locked away in a cupboard or storage area.
The cost to destroy hard drives is minimal when compared to the potential risks faced when you don’t. Hard drive destruction is the most effective way to permanently destroy all information.
This information sheet covers more about securely destroying hard drives once they’ve reached the end of their useful life.