Data management for businesses becomes a challenge when data is no longer needed and contains Personally Identifiable Information (PII) or critical business information that needs to be protected. Today’s Regulatory compliances are becoming stringent regarding data management and how data is collected, processed, and disposed of. An organization faces massive penalties for non-compliance with these regulatory frameworks. Morgan Stanley’s case of non-compliance is an ideal example where they were fined by the SEC for USD 35 million for its failure to safeguard customer’s PII. This incident should be a warning for all businesses that data destruction is a crucial part of data management.
This article cites the importance of adhering to the right data destruction method for the organization keeping in mind the compliance framework, advantages, and disadvantages of data destruction method to protect and safeguard data from leakage.
Safe data disposal is a need in today’s business environment. Traditionally, companies used to dispose of data by formatting drives or by physical destruction methods like shredding and degaussing. However, formatting is an unsafe data disposal method as data can be easily recovered using a DIY data recovery tool. Shredding, although effective, is a highly destructive and environmentally harmful method that contributes to e-waste and eliminates any possibility of reuse and recycling of storage devices. Shredding is detrimental to sustainability and circular economy objectives. Degaussing demagnetizes the storage media.
SSDs
While this process is effective for hard drives, it does not work on SSDs and devices with embedded SSDs like MacBooks. SSDs have NAND chips and do not possess any moving parts (magnetic platters) like HDDs. Degaussing works on a magnetic field and hence cannot be used on non-magnetic storage devices like SSD. The only choice left for an organization to destroy data and stay compliant securely is to overwrite the devices using data erasure software. This method guarantees permanent data destruction and makes the device available for recycling and reuse.
Let’s look at Degaussing and Data Erasure and identify which data destruction method is right.
What is Degaussing?
Degaussing is a technique for eliminating data by subjecting it to a strong magnetic pulse, which effectively eradicates all magnetic information on disk platters. This method can be applied to both operational and non-operational hard drives, tape, and floppy disks. It involves utilizing a device known as a degausser, which destroys the drive’s magnetic field with a more powerful force, thereby destroying the device and the data stored in it.
Features of Degaussing
Degaussing guarantees the irreversible elimination of sensitive data from media. This not only protects against potential data breaches but also safeguards against unauthorized access. Below are some of its primary features-
- Quick and Efficient- Unlike shredding, degaussing is quick and efficient, thus saving a lot of time and effort for companies. Degaussing can be performed on drives; however, this process is not scalable and cannot be automated. This method requires manual intervention. Moreover, as mentioned above, SSDs cannot be degaussed. Further, the cost of degausser could be challenging for small and medium enterprises.
- Compliance with Data Privacy Laws- The degaussing technique helps companies to comply with data privacy laws like GDPR, HIPAA, and others. This technique destroys the device and reduces the risk of data breach. However, it adds considerably to e-waste and is against environmental laws that promote recycling, reuse, and repair.
What is Data Erasure?
Data erasure is when software is used to securely wipe confidential data from a device by overwriting it with binary patterns (0s and 1s), ensuring that no data is recoverable even in the laboratory setting. Unlike physical data destruction methods like Degaussing, the Data Erasure method is environmentally friendly and allows devices to be reused and resold. Further data erasure supports many devices like hard drives, SSDs, MacBooks, PCs, laptops, etc.
Benefits of Data Erasure
Data erasure is a secure choice for businesses looking to wipe various devices, including Hybrid drives, PCs, laptops, servers, or flash-based media. Organizations can rely on data erasure to help them meet compliance with laws and regulations like ISO-27001, CCPA, HIPAA, and EU-GDPR. Below are some of the benefits of data erasure.
Helps meet Data Privacy Compliance
Data protection laws like EU-GDPR CCPA give rights to individuals to ask data controllers to erase their information permanently. Organizations are required to maintain ‘Proof of data destruction’ at all times to stay compliant. Data erasure helps businesses comply with these laws and avoid huge penalties by securely wiping data.
Environmental Impact
Data erasure enhances business sustainability by curbing e-waste and fostering IT asset reuse, notably reducing the carbon footprint from improper disposal. As per Elsevier Journal, reusing hard drives cuts CO2 emissions by 5-18 kg per drive compared to new production. Furthermore, using data erasure, businesses can ensure compliance with regulatory frameworks such as the United States Environmental Protection Agency (EPA) and the Resource Conservation and Recovery Act (RCRA), by reinforcing their commitment to sustainability and regulatory adherence.
Helps Meet Circular Economy Objectives
Circular economy promotes reducing e-waste, reusing devices, and recycling material. Organizations can contribute to the circular economy by using the data erasure method that ensures devices are reused.
Ideal for Wiping Data on Remote Devices
Data erasure provides an optimal solution for remotely wiping devices at distant locations. IT administrators can simply send the software application, and with a single click, the data can be erased. This approach eliminates the chain of custody risks associated with shipping devices between locations.
Cost Effective
Data erasure is a highly cost-effective solution for degaussing. While a Degausser may require investment and specialized equipment that may cost thousands of dollars to an organization, data erasure software generally works on a pay-per-drive model and involves purchasing licenses for the software.
By understanding the fundamental features of both degaussing and data erasure, businesses can decide on the safest and most effective method of data destruction that is favorable to their budgets and the environment and helps meet compliance. If the storage device has numerous bad sectors and is inaccessible, then a physical destruction method can be chosen. However, if the device is in working condition, then data erasure is a superior choice to safeguard sensitive data, comply with legal requirements, and contribute to a sustainable future.
