If you're a businessperson, you should know that protecting personal and company data is paramount and that you must exercise extraordinary diligence when destroying old or unneeded data. Unfortunately, thieves have made big business out of identity theft. We all remember the TV ad where a thief rummages through your garbage, ready to steal your important paperwork and identity.
Many regulations and laws outline how to protect valuable information. Federal and state laws like Sarbanes-Oxley, FACTA, HIPAA, and others have strict rules about the protection and disposal of stored or recorded media. They all stipulate that neither business nor individuals may dispose of anything that has, or relates to, private information, without first eliminating the data. In addition, most public, private and governmental entities demand that information like tax returns, information, military and governmental data, trade secrets, product formulas, software codes, etc. be protected. If you fail to comply with these laws and regulations, you could pay a heavy penalty to the tune of around $250,000 in fines.
Degaussing: How It Works
Erasing data through degaussing is one of the most secure ways to eliminate information on magnetic computer tapes and hard drives. Degaussing refers to when a magnetic field using an alternating field of sufficient intensity saturates the media. The field is then slowly withdrawn or reduced and the media is left in a magnetic neutral state, or erased. Degaussing also erases the servo (a program installed on the hard drive by the manufacturer), rendering the drive completely useless.
Some first time users are under the illusion that their degausser must be National Security Agency (NSA) or Department of Defense (DOD) compliant. However, this is a misconception, since regulations like FACTA and HIPAA are only guidelines that neither specifically lay out a way to eliminate proprietary data nor tell you which equipment you should use when doing so. They simply state that you have to do it. Similarly, the DOD does not approve of anything, but rather recommends. Though the DOD has recommended products in the past, it has not tested or recommended products in several years. In fact, none of the degaussers that degauss high coercivity tapes or drives today have been tested by a single government agency. This does not mean newer degaussers will not work. To make matters even more confusing, the DOD blessed some products years ago, but those products have limited megabyte capacity and erasure capabilities and are usually out of date.
Buying A Degausser: What To Know
Take present and future hard drive capacity into consideration when looking for a new degausser. You should do this because within the last year, most degausser manufacturers recognized a severe increase in gigabyte capacity and have had redesigned their degaussers to match.
Don't pinch pennies when it comes to destroying sensitive information. Depending on your company's specific structure, a new degausser could depreciate over several years as a capital expenditure. I sometimes field requests for an inexpensive degausser to erase today's higher capacity drives and media. I equate this to someone seeking a heart transplant for the cost of an oil change. Truth be told, hard drives and magnetic tapes have become far more complicated in recent years. Diskettes, round reel tape, and tape cartridges are made of gamma ferric oxide and are somewhat easy to erase. Today, computer tape and hard drives are made of metal particle oxide. This material, together with the higher capacity of smaller discs, makes them extremely hard to erase. Factors like continuous duty machines, larger magnets and faster degaussing times lead to higher costs, and you must be willing to allocate part of your IT budget to equipment that satisfies your security requirements. After all, a new degausser costs far less than a costly security breach.
Be ready to ask questions about the warranty and any other services provided by the retailer when you go to buy your degausser. I highly recommend a service that recertifies your degausser on an annual basis at little to no cost to you. In fact, the DOD recommends testing each degausser at least once a year if continued use is expected.
Existing Degaussers
If you already own and use a degausser, do you know for sure if it is properly degaussing your media and hard drives? Has anyone in your company read the manual to see what its degauss capability is? For that matter, do you even know where the manual is or if the degausser has ever been tested? Do you have a security program in place to keep track of old drives and tapes? If you fail to track such information, you could take on liability for "Avoidance of Tolerance Risk." Not exactly a smart move for a savvy business. Degasser Services
Some companies choose recycling facilities or degausser service companies to dispose of disks and information in an environmentally friendly manner. However, this may lead to "Transfer of Liability" issues that many end users and recyclers have no exist. Liability for any information on media does not transfer from the originator of said media to the recycler\service firms, or one that accepts the equipment. Failing to select the right recycling\service firm can come back to haunt you. Better to ask the right questions from the get-go.
When you choose your recycler, be prepared to ask questions that cover liability transfer obligations. You want to be sure that all stored media and tapes are fully degaussed. Ask questions like "has the degausser ever been tested?" "how old is it?" "will the hard drive be resold once it is overwritten?" "how do you know it works?" In addition, make sure an accountability program is in place to track the media's destiny or log the drives before destruction. Asking the right questions will save your company money in the long run. However, remember that the ultimate responsibility for degausser liability lies with you.
Malfunctioning Equipment and Returns
Hard drive malfunctions may be caused by factors like board problems or head-to-disc interference. In some cases, you can recover the cost of a drive under warranty by returning it to the manufacturer. In others, you might have to send the drive or tape to a reseller, who then forwards the media to the manufacturer. In either case, the information already on the drive could be in danger of compromise.
When returning a defective piece of equipment, remember that passing the tape or drive to someone else does not remove you from potential liability. Ultimately, responsibility for the information that resides on the tape or drive still lies with your firm - no matter whom you give the drive to. For this reason, you really need to know how your product will be handled. Use the questions outlined above as a guide for finding out what will become of your drive.
It's up to you to protect sensitive information by properly degaussing drives and media. Ultimately, you should treat the data of others as you would wish yours to be treated. Even when your information is stored on another firm's media, you should not give up responsibility for its whereabouts and security. These degausser tips and tricks should help you uphold your obligations and avoid stress and liability.
Copyright (c) 2008 Peripheral Manufacturing, Inc.
