Why New Jersey's Hard Drive Shredding Bill is Way Overdue
Last June the New Jersey State Senate unanimously approved SB 2978 and finally removed the environmental licensing requirement for companies that shred electronic storage devices such as hard drives. While a similar bill must pass in the New Jersey Assembly for it to become law, industry officials are confident the outcome will be positive.
Why is this bill – and the physical destruction of hard drives – so critical?
Availability of Services.
New Jersey was the only state that required this type of licensing to shred hard drives. The license cost about $20,000 a year, and only one company was licensed. “Regulators there have been quick to recognize that barriers to competition as well as unnecessary red tape impede economic development and data protection,” said Bob Johnson, CEO of National Association for Information Destruction (NAID). NAID promotes the proper destruction of discarded information.
Confidential data stored on digital devices can be stolen by remote access or by extracting data once the hard drive is removed. Between 2005 and 2012, Privacy Rights Clearinghouse stats showed there were 837 breaches affecting almost 169 million records involving lost, discarded or stolen laptops, smart phones and various portable data-storage devices, according to a Bloomberg.com article.
There are state and federal disposal laws that stipulate confidential information must be protected from creation to disposal with the right media destruction. Failing that, there’s a risk for data breaches, regulatory penalties, and damaged reputation.
Physical destruction is the most effective way to destroy sensitive data on hard drives when it is no longer needed. Hard drive shredding is recognized by National Institute of Standards and Technology (NIST) Guidelines for Media Sanitization. File deletion and disk formatting are actually insecure ways of deleting data. In fact, research has shown that deleted, wiped and degaussed files on hard drives can be recovered. There is also a strong reseller’s market for used computers and networking equipment.
Volume of Information
While computer hard drives are the most often cited storage devices, hard drives –and confidential data – are also on copiers, fax machine, routers and mobile devices. E-media such as backup magnetic tapes, floppy disks, zip disks and optical media need to be properly disposed of too.
Stockpiling unused hard drives in a supply area increases the risk of a data breach. An infographic from information destruction leader Shred-it showed that 46% of businesses stockpile their old hard drives. As long as drives are physically intact, confidential information can be retrieved.
The bottom line is that it’s important to have official processes in place for deleting data. Partner with a knowledgeable and reliable partner that provides hard drive destruction and a secure chain of custody from pickup through on- or off-site destruction and environmentally friendly recycling once media has been destroyed. The company should provide a Certificate of Destruction that documents the manufacturer serial number of each destroyed device as well.
Find out how regularly scheduled shredding can help eliminate a major security threat and also reduce an organization’s environmental footprint.