The circular economy has highlighted just how wasteful our technology consumption habits have become. With the advent of advanced, certified data erasure software, a greater number of organisations are choosing environmentally friendly ITAD services, which destroy the data, and not the device it resides upon.
Although some industry regulations continue to insist on physical device destruction, many companies remain hesitant when it comes to the adoption of more sustainable methods of IT asset disposal.
This is understandable and perhaps only natural given the significant penalties involved should businesses fail to protect company data. The importance of data governance is hammered home by the potentially crippling imposed by . Under the EU and UK GDPR, the ICO has the power to issue fines of up to 20 million euros, (over £17 million) or up to 4% of their total global turnover, whichever is higher. It is little wonder that even the thought of a data breach is more than enough to keep busy CISOs awake at night.
Whilst IT asset disposition services issue a certificate for any ITAD services they provide, advanced erasure technologies create a unique, digital signature – producing a tamper-proof, fully compliant, GDPR data destruction certificate.
Needless to say, this is a far more sustainable alternative to throwing perfectly serviceable devices into the jaws of a powerful data shredder, but it also supplies superior third-party validation of permanent data destruction.
Data erasure is the software-based method of securely overwriting data, multiple times using zeros and ones in all storage sectors. In doing so, the original data is replaced and no usable residual data remains – just meaningless randomised characters. All original data is completely unrecoverable, even with the assistance of advanced forensic tools.
A data deletion certificate will help to ensure your IT asset disposal policy is watertight. This provides independent, third-party verification that your organisation has met its legal, regulatory obligations.
But what is a data destruction certificate, precisely? What information must it include? And should you ever need it as compliance evidence, how can you ensure that it stands up to heavy scrutiny?
What is a certificate of erasure?
A certificate of data destruction is a formal record which details exactly how the data deletion occurred and how this meets the GDPR data destruction requirements.
Leading software registers each stage of the end-to-end sanitisation process. Documenting what, where and how devices were securely cleansed, this demonstrates that all data security laws and ITAD standards are adhered to.
The aims to eliminate the ambiguity around terms, standards and guidelines; they include tamper-proof certification within their formal definition of the correct data sanitisation process.
What information should be included on a data erasure record?
Secure data deletion reports must provide significant detail and sufficient proof of sanitisation so the device itself can be refurbished, reused, or recycled. Evidencing secure procedures demands more than simply recording the time, date, location and specific software used for each asset’s data deletion; although, of course, these elements are required.
There should be detailed information about the asset itself, including the equipment make, model, specification, serial numbers for the hard drives and the asset tag. Corporate information about your ITAD partner must be recorded with a legal statement about the services they delivered on your behalf, along with the name of the experienced technician responsible for undertaking and monitoring the passes performed. The report itself should have a unique identifier or tracking number for auditing purposes.
Industry-leading, Blancco data erasure software features one-way encryption; the hashed digital signature, distinctive for each report cannot be modified or adjusted. This additional layer of security guarantees the PDF documentation’s integrity, originality and authenticity. Blancco’s Management Console acts as a central repository for data deletion certificates maintaining a robust ITAD chain of custody.
Why is a data destruction certificate required?
For data protection compliance.
The vast majority of businesses will collect, store and use Personally Identifiable Information, (PII) and therefore must adhere to the EU and UK GDPR. Although specific legislation differs from industry to industry, all organisations simply must protect company data to remain compliant.
If your business is selected for a routine data security audit or in the worst-case scenario, is subject to a data breach and an ICO investigation, secure data erasure certificates will show due diligence and accountability. As assets pass from the owner to the ITAD supplier responsible for their deletion, each stage is recorded substantiating the traceability of your secure IT asset disposal process.
To operate sustainably.
As more and more businesses recognise the importance of operating ethically, companies are choosing to donate or sell redundant IT assets, upgrade/redeploy equipment, or when required, recycle device components.
However, those looking to do the right thing and recover the residual value from their assets may end up in hot water if the correct data sanitisation processes aren’t followed and evidenced. After all, it’s illegal to sell or donate any data-bearing asset, without its secure data erasure beforehand.
Of course, secure data deletion is not only relevant when the device remains intact. Any redundant IT equipment that has truly reached the end of its useable life can be broken down for its parts to re-enter the remanufacturing industry. Partnering with a trusted ITAD supplier who processes recycling in-house can provide peace of mind that all devices have undergone secure data destruction before breakdown.
To gain customer confidence.
As news reports of data breaches become more common, secure processes are no longer just about legal compliance. Demonstrating strong data governance principles will build confidence and provide reassurance to both customers and stakeholders. Whilst a devastating breach can shatter any organisation’s reputation overnight, transparent, documented data destruction practices can help forge customer trust and brand loyalty.
How do I get a data erasure certificate?
Typically, a certificate of data destruction is issued by professional IT asset disposition services. Highly trained technicians ensure that advanced erasure techniques are performed correctly and that ITAD industry accreditation standards are met at all times, providing independent verification.
Not all data-wiping software produces a substantiated report. However, certified data erasure software, such as Blancco, which some IT asset disposal companies use, automatically tracks and records the entire data destruction process. The system generates a unique certificate for each individual data-bearing asset; protecting your information and demonstrating your legal compliance.
Blancco’s effectiveness, quality and performance has been authenticated by some of the most rigorous global data erasure certifications. The software has been endorsed by global governing bodies including the National Cyber Security Centre; it’s also approved by leading IT asset disposal services accreditation, ADISA 8.0.
The circular, ‘reduce, reuse and recycle’ model highlights the vital importance of data destruction best practices.
Data erasure services provide a sustainable alternative as secure as the physical destruction of the device. Data is completely destroyed through advanced software overwriting so that it is irretrievable by anyone who later comes into its possession, preventing future data security issues.
Mitigating the perceived risks, organisations can adopt sustainable IT procurement and disposal best practices with confidence. We can extend the lifetime value of our end-of-life IT assets through refurbishment and resale; make use of the components we have and prevent unnecessary e-waste.
The third-party certified validation provided by your ITAD partner ensures your legal compliance. Should you ever need it, the auditable, tamper-proof data destruction certification serves as resilient evidence that you have followed the ITAD industry’s best practices, whilst operating as sustainably as possible.
As a Blancco Gold Partner, tier1 provides environmentally friendly ITAD data destruction services that maximise the lifespan of your existing devices and their components. By destroying your data, rather than the device, we can help you operate more sustainably.
Using the very latest data erasure software, our experienced technicians ensure the total destruction of your data, issuing a verified data erasure certificate for each and every device to guarantee your GDPR compliance.
To find out more about Blancco certificates, our sustainable data wiping services or any of our lifecycle management solutions, contact our friendly teams on 0161 777 1000 (Manchester), 01621 484380 (Maldon) or visit www.tier1.com
Resources.
Information Commissioner’s Office, Guardian Data Destruction, Shred IT, Shreadall, PlexStar, Bitraser, Avail Recovery, Tech Reset, Stellar, Blancco.
