On the scale of a data Center or a small cloud, an ordinary hard drive is such a trifle that is bought by thousands and hundreds of breaks, returns to the supplier and changes back. But as soon as the drive gets personal data of ordinary people or confidential data of the company, it is treated as a radioactive element. While the hard drive is new and works, everyone is happy, but if it breaks down or goes out of service by age, it can not be either simply thrown out or returned to the supplier, without making sure that the information from the disk is deleted without the possibility of recovery. It is not enough just to take and erase data, the process of their removal must meet certain requirements and be recorded in a certain Protocol, such requirements are imposed by the legislation of developed countries.
No one thinks about the disposal of personal data
Data centers still do not have well-established processes for recycling old hard drives that may have sensitive company or customer data. A recent survey by Blancco’s data Erasure experts shows that most organizations are unable to properly dispose of discarded drives, risking fines for disclosing customer and employee information or spending hundreds of thousands of dollars storing faulty equipment that they could return under warranty. Often, when working with sensitive data, the organization imposes on the supplier all the costs of replacing failed drives. This process looks quite simple: the hard drive is broken - bring a new one under warranty, we will write you an act, but we will not give the old HDD, since you can extract secret data from it.
In some cases, such a position even allows you to teach a lesson to an unwanted supplier who won the tender for the supply of a storage system: the customer can declare to the supplier that all hard drives are out of order and require replacement, and since they contain personal data, it is not possible to conduct an examination or check their performance. My colleagues once met with such a situation.
To make matters worse , more than 600 data center professionals around the world who participated in the Blancco survey did not even think that their methods of storage and disposal of HDD are not safe and do not comply with such as the General data protection rules in Europe (GPDR) or the California digital privacy Act, which comes into force in January 2020.
Hard drive destruction machine manufacturers
- UNTHA - shaft shredder for every taste. Model RS 30/40 is designed for grinding discs.
- Ultradisc - magnetic destruction of tapes, hard drives, magnetic media
According to the Same Blanco question, only a third of respondents admitted that their company has not only instructions for cleaning hard drives before disposal or return under warranty, but also installed the appropriate equipment. The remaining two-thirds prefer to store old equipment, even if they are legally obliged to send it for disposal.