Get a free quote
For More Information: (800) 731-1909
Posted Mar 14th, 2012

Myth: Transporting Retired Data Storage Devices to Manufacturers is 100% Safe

Many organizations are still using the traditional method of shipping their storage devices back to their manufacturers. In doing so, leading organizations are putting themselves at risk of experiencing a breach due to what may occur during transportation. More recently we’ve seen the following organizations experience this first hand:

1) Bank of NY Mellon transport breach

2) Northrop Grumman Corporation breach where hard drive ended up in Africa

3) Bank of America Transport Breach

Transporting retired data storage devices to the manufacturer is appealing to some because of the immediate monetary value associated with it. Many of the device manufacturers will offer discounts or credits for returning the old or broken devices. However, as seen in the above data breaches, hard drives can be lost, stolen, or go missing during transit. In the event that this does occur, the organization would be forced to notify its customers of a possible breach, bearing the costs and liability. The financial burden associated with a data breach (on average $7.2 million per breach in the U.S.) will in the end greatly outweigh the small amount of money saved by returning these devices.

Though, some companies take steps such as encryption to protect hard drives and other data storage devices during transit, there is no substitute to destroying the data on-site and recycling it responsibly. Methods like on-site shredding and degaussing give a physical witness to destruction of the data and a visible difference in the drives, unlike encryption. It maintains the chain of custody and eliminates the risk of having information go missing when it is in transit. When it comes to information like company trade secrets, customer personal identifying information, and personal health records, physical destruction accompanied with an inventory feature creates unbeatable accountability and assurance.

Check back soon for a follow up post where we’ll give you more information about the pros, cons, and risks of using encryption as your organization’s primary end-of-life data security measure.

Comments are closed