Once a computer reaches its end of life, it can be recycled, but first, you need to wipe the data. It's simply a protective measure, especially if the hard drive contains sensitive data. Here's a look at current data destruction standards to ensure confidential information is removed from the hard drive.
National Institute of Standards (NIST)
The data destruction standards used in the United States are set by the National Institute of Standards (NIST). These standards were designed to help IT managers make appropriate decisions about cleaning computers. The NIST 800-88 Revision 1 guidelines published in December 2014 include data destruction guidance for the following technologies:
- IT Hardware
- Networking devices
- Mobile devices
- Magnetic Media
- Optical Media
- RAM, ROM, and Flash storage devices
Additionally, cryptographic erase (CE) is a process that involves sanitizing the media encryption key for the encrypted target data. It's a useful solution when data is encrypted as it's stored on media. Although it's not really wiping the data itself, it effectively makes access to the data unlikely. The main drawback to CE is that it's hard to confirm the media is sanitized.
Many businesses must now maintain a written Identity Theft Prevention Program as required by the Federal Trade Commission's Red Flags Rule. NIST guidelines for media sanitization involve completing a form that includes details including manufacturer, model, and serial number. Once the form is completed, NIST will issue a Certificate of Destruction.
Different Industry Standards
NIST has developed standards for different industries to deal with specific risks. The National Security Agency, for example, follows the NSA 130-1 standard. This process involves a 3-pass overwrite, which is achieved by using proprietary erasure methods developed by Blancco. The company develops firmware that performs multiple overwrites, freeze lock removal, and full verification.
Many states now have regulations on how e-waste is disposed of. A recycler's job involves destroying a computer and turning it into something useful. Computer destruction is a process that removes all useful parts. It's the most common form of computer recycling, as it differs from just wiping a hard drive then reusing the machine.
Hard drives can be destroyed in three main ways: shredding, degaussing or erasing. It mostly depends on the security level of the data. Shredding a hard drive is the most secure way to meet NIST compliance. NIST divides information into three classes based on a high, medium or low security level. It's up to you how you classify your data.
Prior to delivering your e-waste to a recycling center, it's wise to take time for removing confidential data. Deleting files isn't good enough since the files are still written to the hard drive. Make sure the recycler you deal with is certified by the Environmental Protection Agency (EPA).
Various data destruction standards established by NIST exist, depending on the industry. Contact us at West Coast Computer Recycler for more information on ensuring private data is removed from end-of-life computers. We are EPA-certified and ready to help you meet compliance with NIST standards.