614-322-2222 or 877-770-8324

The High Cost of "Free" Data Destruction

Mar

13

The High Cost of "Free" Data Destruction

The High Cost of “Free” Data Destruction

cyber security reform

cyber security reform

IT asset disposal made headlines around the world last week when the UK Information Commissioner’s Office (ICO) fined NHS Surrey £200,000 (about $300,000) over loss of secret data of more than 3,000 patients.

According to the data watchdog, thousands of patient records were discovered on a second-hand NHS computer that had been auctioned online after undergoing a “free” data destruction process.

ICO head of enforcement, Stephen Eckersley said the facts of the breach are truly shocking.

“NHS Surrey chose to leave an approved provider and handed over thousands of patients’ details to a company without checking that the information had been securely deleted,” Eckersley said.

“The result was that patients’ information was effectively being sold online. This breach is one of the most serious the ICO has witnessed and the penalty reflects the disturbing circumstances of the case,” he said.

During the course of investigation, ICO found that the data destruction firm had offered free disposal of the computers in return for the sale of salvageable stuffs.

As the technology recycling industry continues to grow, we have seen a flood of new and existing businesses now offering supposedly free IT asset disposal (ITAD) services. While this is great for their bottom line, it leaves the door wide open to risks such as data breaches and potential fines from local and state governments.

The concern should not just be removing old computers from an office, but focus on helping decrease the risk of a data breach by providing secure data destruction and liability indemnification. At TechR2 this includes a department of defense (DoD) 3 pass overwrite on all hard drives, certified destruction of all data bearing devices, and responsible recycling, in addition to overall compliance with local, state and federal legislature (i.e. HIPAA, HITECH, Gramm-Leach-Bliley, PCI, Sarbanes-Oxley).

It is very difficult to provide all of these services without a price tag, which leads to our next point, how “FREE” is free?

Steve Mellings, chief operating officer at ADISA, an industry body representing about 30 ITADs, said the NHS Surrey case highlights that companies must value quality as well as price when disposing of outdated equipment.

“There is no such thing as free,” he said. “There’s always a cost and in this case, it is £200,000.”

Information adapted from: ChannelWeb, CBRonline, and Risk vs. Cost.



  • Providing complete “Cradle to Grave” data eradication solutions, sound experience, industry best practices and resources to support you.


    Why risk it? Get started today! Call 614-322-2222


  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction, including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.