Data destruction company is responsible for data breach.
Not all data destruction services are created equal.
NHS Surrey, a clinical commissioning group tasked with designing local health services in England, was just fined 200,000 euros after 3,000 patient records were leaked. NHS will now face the arduous task of recovering from the data breach, and restoring the faith of its patients.
Once the trust is broken, especially on such a large scale, it’s tough to repair it. Patients and all customers want to know that the company they have taken that leap of faith with has all the necessary policies and safeguards in place to protect their personal information. This is the part where you’re expecting me to tell you that NHS neglected to address one of the most vital components of a strong data security system, that they did not hire a company to facilitate proper data destruction.
But they did. They just didn’t hire the best. Apparently, the company charged with erasing the data left on retired media at NHS just wasn’t up to the task. Electronics recyclers and data destruction companies do try to resell the retired media they take from their clients after all the information has been erased. The company in charge of NHS’ data destruction sold a retired computer on eBay after attempting to clear the information from the hard drive. But they failed. The person who bought it reported the mistake when he/she discovered thousands of patient records still on the computer.
As the CRN article points out, proper data destruction isn’t easy. Data gets recovered all the time from airplane and even space shuttle disasters. It takes more than brute force to get it done right. It takes industry-leading expertise.
TechR2 is the only onsite data destruction provider with ISO 27001 certification.
There are a lot companies that will claim they provide similar data destruction solutions, but most don’t even come close. The data has to be securely contained and then destroyed onsite by a certified technical staff, otherwise there’s a chance for a data breach.
The crooks are out there looking for this stuff. Just scraping the retired hardware is like inviting them to come see what they can find on your old IT assets. And once they have it, you may not even know about it until it’s too late.
A company that executes proper data destruction should be securely destroying the data from all data bearing devices by a certified method. This ensures there won’t be remnants of your customers’ information or your company’s proprietary information left on the hard drive.
Advanced measures such as these, set the top tier of data destruction companies apart from the ordinary electronics recyclers. But it’s services such as, which provides secure containment, real-time inventory and certified onsite data destruction, that push TechR2 beyond its competitors.
In fact, the International Organization for Standardization (ISO) has deemed TechR2 the only data destruction company in the US worthy of its coveted ISO 27001 certification. This certification is specific to information security standards and practices. If you’re hiring a data destruction company it’s because you want to protect the confidential information of your customers and your company. Why then, would you settle for anything less than the only company in the industry certified specifically for how well they protect information?
Clearly, choosing a great company that specializes in secure data destruction and information security could be the difference between harmony and disaster for your business. What’s even clearer, TechR2 is the best of those choices. Just ask the ISO.