Unsafe Data Disposal: Risk Implications

Written By Pravin Mehta

Updated on Mar 30, 2021

Min Reading 3 Min

Every IT asset, including data storage hardware, entering an organization’s custody transitions through discrete lifecycle stages. These stages include procurement, allocation, use, reallocation, repair and upgrades, and disposal through transactions like hardware exchange, refurbishment, resale, return (of leased assets), donation, recycling, etc.

Safe data disposal is a critical need across the storage device lifecycle stages. Data disposal laws today require permanent destruction of the data (sensitive business information, including customers’ data) accumulated over time on these devices. Storage hardware such as Network Attached Storage (NAS), rack-mounted servers, external hard drives, desktops, and laptops can gather terabytes of confidential and personal data in their lifetime. This information, under the purview of overarching data protection laws like GDPR, CCPA, and the like, can pose severe risks to the custodian organization in the event of a data breach or leakage incident.

This article outlines the data breach risk implications emerging due to unsafe data disposal for organizations, and key considerations to attain compliance and safe disposal of personal data.

What are Common Reasons for Unsafe Data Disposal?

An organization may fail to attain safe disposal of personal data for technical or non-technical reasons. For example, a technical reason could be that an organization relies on degaussing without adequately considering the degaussed magnetic media’s field strength, a fundamental consideration when disposing of data using degaussing. Consequently, the degaussed magnetic media, such as a hard disk drive, contains “residual data,” i.e., unaccounted sensitive information at constant risk of leakage and misuse. Without the organization knowing it, the residual data on the insufficiently degaussed hard drive is potentially recoverable using forensic, in-lab data recovery techniques, exposing the organization to data breaches.

A non-technical reason could include lapses in an organization’s due diligence while the storage device is transitioning through the chain of custody. For example, gaps in vendor management practice can lead to ineffective data disposal or inadequate or missing audit trails, resulting in data breach incidents that haunt the organization several years later. The Morgan Stanley data breach episode, involving the reporting of two data breach incidents for which the banking behemoth was held accountable, illustrates the risks and penalties of unsafe data disposal.

Notably, “lack of awareness” concerning residual data’s existence and risks is a root cause of why organizations may fail to sanitize media per the data disposal benchmarks. The world’s largest Residual Data Study of 311 used devices illustrates residual data prevalence and its imminent threats. The study analyzed used hard drives, smartphones, and memory cards, revealing that 7 in 10 devices were vulnerable to sensitive data leakage. It found that 1 in 4 device owners had used deletion and formatting to dispose of the data, unaware that deletion and formatting do not permanently remove the data.

What are the Risk Implications of Unsafe Data Disposal of Hard Drives & Other Storage Devices?

Failure to use safe data disposal methods, such as data erasure software, can result in a data breach with risk implications such as financial fraud, IP theft, brand damage, lawsuits, and penalties, resulting in significant monetary losses. A study by Ponemon Institute reports that the global average cost of a data breach for companies was $3.86 Million in 2018, with a 6.4% growth over the preceding year. The following sections outline the major risks of unsafe data disposal and their financial repercussions in terms of penalties.

Legal Penalties

Violating data protection laws such as EU-GDPR, GLBA, and CCPA, and failing to comply with what data disposal laws require, can trigger legal proceedings with extensive penalties. For instance, a HIPAA violation could result in fines of up to $50,000 per violation for willful neglect, with a maximum of USD 1.5 Million per year for violations of an identical provision. Similarly, violating EU-GDPR could result in fines of up to 4% of annual global turnover or €20 Million.

Loss of Goodwill & Market Share

A data breach incident can dramatically affect a company’s market share, causing reputation loss and razing its competitive advantage. For instance, theft of customer information could jeopardize the reputation of businesses like banking institutions, e-commerce websites, social platforms, and the like. IBM’s 2018 Data Breach study reports that a digital business with 1% customer churn due to a data breach suffered a loss of $2.8 Million, which could jump to $6 Million for a 4% or higher churn rate.

Financial Fraud

Financial fraud is on the rise, with more transactions going digital. Breach of PII such as social security number, mobile number, and name, and of financial information like online banking credentials and credit card details, can incur a high cost for the business. For example, fraudulent credit card transactions hold the eCommerce merchant liable to bear the loss after the card owner files for a chargeback. The average cost of credit card fraud for the merchant equals $200 per compromised cardholder.

What are Critical Considerations for Safe Data Disposal?

As an organization, you need to make a few fundamental choices to guide your data destruction strategy. These choices include —

  1. Data Destruction Technique
  2. Data Destruction Location: Onsite vs. Offsite
  3. Choosing Responsible Entity: DIY vs Service Provider

1. Data Destruction Technique

Broadly, there are three data disposal techniques: Overwriting (Data Erasure), Degaussing, and Shredding. These techniques use the Clear, Purge, and Destroy methods explained in the NIST SP 800-88 Guidelines. Choosing the appropriate data destruction technique based on the media type is crucial for the effective and safe disposal of data. Do read our article on data destruction techniques for an in-depth insight into this subject while choosing the appropriate technique.

2. Data Destruction Location: Onsite vs. Offsite

Organizations can perform data disposal on-premises (onsite) or off-premises (offsite) with consideration of the applicable advantages and disadvantages. You may see the comparison below to understand the effectiveness and choose accordingly.

Onsite vs Offsite Data Disposal: Comparison

| Parameter | Onsite Data Destruction | Offsite Data Destruction |
| --- | --- | --- |
| Effectiveness | Highly effective if done using the appropriate method with respect to the storage media type. | Highly effective, considering offsite data disposal is done at a specialized service facility. |
| Data Leakage Risks | Low risk of data leakage as the media remains onsite. | The potential risk of data leakage while the media is in transit to the third-party service facility. |
| Cost | Onsite data disposal can be affordable and cost-effective if done using data erasure software like BitRaser with pay-per-use licensing. Costs can increase with the involvement of degaussing unit, shredder, & specialized personnel. | Offsite data disposal, being a contracted service, is typically costlier. However, organizations with larger consignments can avail lower per-unit costs with economies of scale. |


3. Responsible Entity: DIY vs Service Provider

An effective data disposal strategy also defines who performs the data disposal job. The choice is between ‘Data Destruction’ by specialized commercial service providers known as ITADs, or Do-It-Yourself using secure data erasure software to get rid of data securely. For low volumes of devices to be erased, organizations may do it themselves. However, for large volumes of devices to be refurbished, organizations may rely on service providers for IT asset disposition.

Conclusion

Safe data disposal is critical for organizations to safeguard themselves from data leakage and risk implications like fraud, customer loss, and litigation. As discussed in this article, all storage devices transition through discrete lifecycle stages in the organization’s custody before leaving its possession. Therefore, the organization needs to designate checkpoints, accountabilities, and actions for all these stages as the starting point for attaining the expected data disposal outcomes. Choosing the right data disposal method for the storage media type, the data destruction partner, and the location are important factors in defining the data destruction strategy. Careful and informed decisions based on these considerations can help organizations achieve their media sanitization goals as per the requirements of data disposal laws.
