Electronic Data Destruction 101: Shredding

Posted in Blog

Glenn Laga

Shredding electronics is the most secure and cost-effective way to dispose of all types of end-of-life computer hard drives, solid state drives, media tapes, printed circuit boards, tablets, smartphones, CDs and DVDs, film and video tape, motherboards, silicon chips and credit card swiping devices. Shredding services are best for businesses with large data centers (enterprise sites) or a stockpile of old hard drives and media tapes because it is a fast, efficient and cost-effective process.

 What is electronic shredding or e-shredding?

Electronic data destruction by shredding destroys the drive platters, mechanisms, and electronic components rendering the data virtually unrecoverable. Complete physical destruction and smaller shred sizes ensure that your digital data is permanently destroyed. Using hard drives as an example, the typical shredding process consists of the following steps:

1. Remove hard drive from the host unit.
2. Capture the serial #. (Option: marry serial # to host unit for improved chain of custody documentation.)
3. Issue chain of custody documents to transfer possession/ownership of the equipment and move to mobile data destruction truck.
4. Feed hard drives into shredder.
5. Shredder slices and dices into small pieces.
6. Shredded byproduct recycled by R2 or e-steward recycler.
7. Certificate of data destruction listing serial # and location and date.

Why shred?

Thirty percent of data leakages occur because someone finds valuable data on discarded equipment. The bigger the data, the larger the risk for a big data breach.

• To protect your company data from cyber-attacks, information theft, credit card fraud and other costly data breaches. NAID AAA certified data destruction vendors ensure the highest level of security when disposing of old IT equipment.
• To avoid penalties, lawsuits, and criminal proceedings resulting from non-compliance with industry standards and federal and state laws and including Gramm-Leach-Bliley (GLB) Act; Fair and Accurate Credit Transactions Act (FACTA); Health Information Portability and Accountability Act (HIPAA); National Institute of Standards and Technology (NIST); Payment Card Industry (PCI DSS); Health Information Technology for Economic and Clinical Health Act (HITECH Act); and NSA and DoD standards.

 Which shredding service should you choose?

Depending on the amount and type of material that requires shredding, many companies choose onsite hard drive shredding providers. Your personnel can witness the end-to-end process to maintain the highest level of security and eliminate security and chain of custody concerns.  Guardian recommends that you ensure that your provider will scan and shred all hard drives and media tapes etc. and provide a certificate of destruction that confirms all data is appropriately destroyed.  And, choose an electronic data destruction company that will also ensure the proper recycling and disposal of shredded materials in accordance with environmental protocols.

To check if shredding is the right form of electronic data destruction for you we recommend that you consult with your IT equipment VAR or contact Guardian directly. They can review the volume, and type of equipment, frequency of disposition, and factors such as industry regulations, customer requirements and your company IT management, security and privacy policies.

Electronic Data Destruction 101: Chain of Custody