End-of-life data destruction: A missing link in cybersecurity

By SIPIAR Team on 8/23/2017


End-of-life data destruction is the missing link in cybersecurity.
End-of-life data destruction is the missing link in cybersecurity.
Properly disposing of IT assets once they've reached the end of their lifecycle presents a multifaceted organizational challenge. That's why some cost-conscious businesses may simply view standard data destruction practices as an unnecessary expense. Are they correct?


The recent record of data breaches that stemmed from improperly disposed IT assets is long and touches many different industries and jurisdictions. In one notable recent example out of the U.K., regulators for the National Health Service found that several PCs from local offices had been sold while they still contained sensitive patient data. Sky News reported that because proper data destruction practices were not followed, as many as 3,000 patients could have had their personal health and financial information leaked this way. NHS regulators only became aware of the situation when one of the second-hand buyers found the data on their PC and reported it.

"Proper end-of-life data destruction more than pays for itself."

The University of California at Santa Cruz found that these data breaches have occurred in the U.S. as well. Similar to the NHS case, UCSC noted that four hard drives sold on eBay by the Idaho Power Co. were found to contain hundreds of thousands of documents with employee Social Security numbers, confidential executive memos and more.

What's the worst that could happen?
Data breaches caused by improperly disposed IT assets exert an unknown but almost certainly significant toll on any business that's careless enough to allow such mistakes. Like any instance where sensitive data is lost or stolen, the costs involved in cleaning up the mess are only the beginning. Consider the infamous data breach suffered by retail giant Target in 2013, which was thought to affect some 41 million customers after credit card and personal information was stolen. While the attack did not occur because of improper data disposal, Target was found liable and agreed to pay $18.5 million as part of a class action settlement.

Beyond legal fees and mitigation costs, perhaps the biggest loss from this incident was the harm inflicted on the Target brand. The same holds true for any business that falls prey to cybersecurity failures, no matter their size. That's why the cost of standard end-of-life data destruction methods will always pale in comparison to the risk of bypassing those standards.

When data breaches happen, it's not just customer data that could be lost or stolen - consumer trust is also irreparably damaged. When organizations implement best-practice data destruction protocols on their old IT assets, everyone comes out ahead and benefits immensely.

Sipi Asset Recovery specializes in a full suite of IT asset disposition services with a hands-on approach. Get in touch to learn more about why your business may need to do more to protect your customers' and employees' data.