top of page

5 Things to Look for in a Hard Drive Destruction Company

Protecting confidential or commercially sensitive information is a priority for all businesses. Equally important is the proper elimination of data, whether in the form of paper shredding, digital erasure, or physical destruction of hard drives.

Depending on the industry and the nature of a business’s information, different levels of data destruction may be warranted. Computer upgrades, negotiated deadlines, and other contractual and legal requirements may require that hard drives be wiped clean or destroyed altogether. Data centers have an even higher level of obligation to ensure that their customers’ data is handled appropriately, including when hard drive shredding is warranted.

Data center relocations and data center migrations often present opportunities to upgrade IT equipment and move data to faster, more powerful hard drives or to move data from physical hard drives to the cloud. Instead of depending on data center staff to destroy the old IT equipment, data centers should hire a hard drive sanitization and disposal company.

This protects the data center and the data center’s customers. The physical, electronic, and software-enabled aspects of modern computer infrastructure make true data destruction more nuanced than ever. If done incorrectly, data can remain accessible even from a scrap heap.

Consider these factors before hiring a hard drive destruction company.

1. Regulatory Conformance

Before contracting hard drive or data destruction to a company offering these services, ensure the company knows the pertinent regulatory guidance. The National Institute of Standards and Technology (NIST) has set forth rules for data destruction in response to the needs of public sector agencies. Many private sector industries (such as the legal and health sectors) have adopted NIST guidance as a standard. In some instances, compliance with NIST or other legal frameworks may even be a legal or contractual requirement.

NIST 800-88 defines three primary modes of data sanitization:

  1. Clear - refers to overwriting data with software and is typically done with less sensitive data. This enables the physical data storage device to be used again, which saves money and avoids electronic waste.

  2. Purge - refers to more systematic media erasure methods using complex programming, which may be accompanied by physical methods that alter the actual hard drive. This mode is used for more sensitive data and results in permanent modification.

  3. Destroy - refers to using physical methods that destroy the physical hard drive so it’s not salvageable for future use and must be properly disposed of. This method is used for highly sensitive or confidential data and must be performed to certain standards.

When discussing hard drive and data destruction scope with hard drive shredding companies, data centers should ensure that the companies are able to articulate NIST definitions and requirements they are abiding by or refer to other regulatory framework which governs their process. Otherwise, scope disputes or unforeseen liability issues may arise.

2. Certification

The hard drive destruction company should be AAA-certified by the National Association for Information Destruction (NAID). This organization is responsible for ensuring that digital and written/printed information are properly destroyed. By providing certifications, NAID adds a layer of assurance that a company is qualified to perform these services.

NAID provides process details and performs audits to ensure that hard drive shredding companies have the correct personnel qualifications, equipment, insurance, and quality control procedures.

3. Hard Drive Sanitization and Destruction Processes

Different techniques can be used to destroy data or hard drives. The method used will depend on the required level of data sanitization or physical destruction.

Hard disk drives (HDDs) and similar technologies store information differently than solid-state drives (SSD). Traditional HDDs operate on magnetic storage and can be cleared using a degausser, which permanently erases data by neutralizing the magnetic properties of the drive platters. Degaussing is done even if the HDD will be physically destroyed. However, a degausser cannot be used on SSDs because solid storage is based on flash memory technology instead of magnetic platters, and are erased by a method that rearranges the electrons on the chip. There are several different ways to securely erase SSDs, and a qualified hard drive destruction company will be familiar with all of them.

While hard drive shredding is the most common method of destruction, other techniques, such as puncturing and pulverizing, are acceptable in some circumstances. NIST defines proper destruction methods to achieve a 2-mm residual particle size.

4. Chain of Custody and Certificate of Destruction

Hard drives should be properly tracked and identified throughout the destruction process. Any company tasked with destroying data or physical hard drives must be able to produce chain-of-custody documentation to confirm who had access to the device and that it was not compromised during potential gaps in oversight.

Additionally, NIST requires that a Certificate of Destruction be issued for any destruction procedure for each hard drive and that the procedure was completed. The destruction method and corresponding guidance or regulations should also be included on the Certificate.

Data centers should not use hard drive destruction companies that don’t include Certificates of Destruction and proper chain-of-custody reporting in their scope of work.

5. Operational Details and Costs

Data centers have standard business decisions to consider as well.

Performing the destruction service at the data center may be preferable to having the company remove the devices and perform the work offsite. This can impact the chain of custody risk but may also be desirable from a delivery or time allocation standpoint.

Waste management is another aspect of computer disposal that may need attention. If physical destruction happens, e-waste should be disposed of properly. This should be reflected in the corresponding documentation or integrated into any existing recycling programs. Ask the company if they can produce evidence of recycling as part of the process. Clearing data instead of destroying hard drives is a sustainable option if it’s allowed for the type of data being stored.

Cost is also something to consider. If there are significant additional fees for the type of destruction, regulatory compliance, e-waste management, or other standard steps to the process, it may be best to look for another hard drive shredding company.

Do Thorough Research

Choosing a hard drive destruction company is not as easy as finding a company that shreds computer parts. Important considerations are attention to regulatory guidelines, the type of data being handled, and quality control.

bottom of page