Do not take shortcuts with Data Decommissioning

Posted in Blog

Decommissioning a data center is no easy task. However, when the private credit card data belonging to thousands and thousands of customers is on the line, it’s never a good idea to take short cuts. That’s why at Guardian Data Destruction we take the time to review your unique situation and come up with a custom solution that fits your needs. We combine various individual services into one package, from tracking and auditing equipment, to erasing hard drives, shredding media/drives, disassembling hardware, packaging and removal, and more.

We recently handled the data decommissioning for a national discount chain of apparel and home décor. The client upgraded the register servers at more than 200 stores located throughout the U.S. and Puerto Rico. The hard drives from the decommissioned servers in each store contained customer records and credit card numbers. Moving the decommissioned servers with this data on the drives would have been in violation of Red Flag, DPA and PIC DDS regulations covering data leakage that could result in identity theft and credit card fraud. Therefore, the drives had to be stored securely in each store until they could be properly decommissioned or destroyed. The asset disposition company enhanced its existing relationship with the client by offering a solution to destroy all the hard drives at each store location by relying on Guardian’s national footprint and bonded technicians.

Guardian custom-designed a process for the store managers to follow when its tech arrived. This process was in full compliance with applicable regulations and industry standards over all anticipated equipment scenarios. This included site access, tech authorization, removal of drives from servers, hard drive serial number collection, verification of serial numbers against a master list, customer witnessing of hard drive destruction, and provision of a certificate of destruction to the store manager before the tech left the store. The cost-effective solution exceeded government regulations as well as industry standards for data security and destruction. The project went smoothly because a well thought out process, including escalation protocols, was defined for each on-site scenario. Guardian’s team of bonded, uniformed technicians arrived prepared with hard drive destruction equipment, photo ID’s and appropriate security codes. This project was completed in a 30 day window without impacting in-store activity on high volume days.