August 18, 2015

We’re not digital yet

Cincinnati, August 18, 2015 - In today’s business environment majority of organizations are not paper free; the average office worker still uses 10,000 sheets of copy paper every year, which translates into 4 million tons of paper across the U.S1. Since paper remains such a core component of office life, there are still plenty of printers, fax machines, photocopiers and other similar devices in every office.

Every one of these devices contains a hard drive that stores the confidential information that passes through it. In fact, nearly every digital copier built since 2002 contains a hard drive – just like the one on your personal computer - that stores an image of every document that has been copied, scanned, or emailed by the machine2. Additionally, 80% of corporate laptops and desktops contain sensitive information3. Despite this, little regard is often given to what happens to these devices when they are no longer needed and they are often stockpiled instead of being destroyed4

“Since organizations don’t realize that the devices they use to copy and scan documents are storing that information, they may not take the proper precautions in disposing of their devices, and in turn, their confidential information,” says Bruce Andrew, EVP, Shred-it. “The only way to ensure that information is protected, is to remove and destroy the hard drive before throwing it away, recycling or selling the device.”

According to the 2015 Shred-it Security Tracker 37% of US businesses surveyed have never disposed of hard drives, USB’s and other hardware that contains confidential information5. That translates into a lot of potentially confidential data that could fall into the wrong hands. Simson L. Garfinkel, postdoctoral fellow at the Center for Research on Computation and Society at Harvard University, examined 1,000 used hard drives purchased on sites like EBay, each of which had been considered “wiped clean”, and found highly sensitive data including credit card information, Social Security numbers, tax records, addresses and other pieces of personal information on each6 .

“A commitment to data protection isn’t about cybersecurity or physical security in isolation,” says Lisa Sotto, partner, Hunton & Williams LLP. “It’s about crafting comprehensive policies that are aimed at protecting sensitive data in all forms, from collection through storage and into destruction.”

Once hard drives are obsolete, the only way to ensure that the data on them is completely gone is to securely destroy them.

Three Simple Workplace Guidelines Designed to Safeguard Hard Drives:  

  1. Perform a regular cleaning of storage facilities and avoid stockpiling unused hard drives
  2. Destroy all unused hard drives using a third-party provider who has a secure chain of custody and confirms destruction, to help give you peace of mind and ensure your data is being kept out of the hands of fraudsters
  3. Regularly review your organizations information security policy to incorporate new and emerging forms of electronic media

What types of electronic media can be destroyed?

  • Hard Drives (from laptops, desktops, servers, copiers and more)
  • Backup Magnetic Tapes (any type e.g. DLT, mini cartridges)
  • Floppy Disk (3.5 inch disk, 5.25 inch disks, and many more)
  • Zip Disk (100 MB, 250 MB, and other large disks)
  • Optical Media (CDs, DVDs, Blue Ray, and HD DVD)

Please visit the Shred-it Resource Centre for more information on successfully implementing an information security program in your organization.

About Shred-it

Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit

5. 2015 Security Tracker “C-Suite Executives Lead the Information Security Race in America”