Disposing of IT assets: "You found what on those hard drives?"

Blogs and Articles

Some organisations dispose of their IT assets by recycling what they can and discarding the rest.

17 October 20177 min
Disposing_of_IT_Assets | Iron Mountain

Some organisations dispose of their IT assets by recycling what they can and discarding the rest. For others, this process involves reselling parts that still hold some market value. Although today’s industry has a strong focus on compliance, governance and security, there are still several accounts of sensitive business or personal data falling into the wrong hands due to the improper disposing of IT assets.

As CIO reports, Kessler International conducted a 2009 survey in which it purchased 100 used hard disk drives on eBay. The study found that 40 percent of the purchased drives contained sensitive corporate data and personally identifiable information (PII). Unfortunately, the improper disposal of IT assets continues to be a problem today. As The Register reports, a 2016 study conducted by Blancco Technology Group (BTG) analysed 200 used hard disk drives that were purchased through the likes of Craigslist and eBay. BTG found that only 10 percent of the drives had undergone a secure data erasure process. Furthermore, 67 percent of the drives contained a wealth of PII such as social security numbers and resumes. Unfortunately, this study shows how a breach can affect both consumer and organisational data. The information on the drives included assets such as company emails, CRM records, sales spreadsheets and product inventory data.

With all the potential data breach risks that come with the process of disposing of your IT assets, you might want to reach out to an experienced service provider to perform a proper and secure media destruction service. However, it’s important to be wary of the provider you choose. As Computerworld reports, a power company found itself in hot water back in 2006 when 84 of its used hard drives were purchased by various parties on eBay. These drives contained detailed power grid diagrams, lawsuit data and employee social security numbers. This situation was a direct result of the fact that the utility company had contracted its asset disposal to an unreliable service provider that resold the drives without performing the necessary erasure procedures.

This public utility company’s experience can be seen as a cautionary tale: You must tread carefully when trusting other companies with your data. That being said, taking on the task of proper IT asset disposition (ITAD) is no small feat, especially when you have a lot of assets.