Classified ads site Craigslist is known the world over as a place to advertise goods and services to sell to others. You’ll find anything on there if you look hard enough. New homeowners can fill their bare new abode, keen sports fans can purchase memorabilia and equipment, and job-hunters might even be able to find a new career.
There's plenty on Craigslist that falls under the category of ‘ordinary’, but there are also items that can really raise eyebrows. One such item that came to light in the past few weeks was the appearance of servers and disk drives pertaining to be from a bankrupt Canadian hardware and software retailer, NCIX. In itself, this is a pretty alarming find, but throw in the fact that this hardware was completely unwiped, with data relating to customers and employees fully accessible, and the true horrors of the find are clear for all to see.
This, bluntly, was a monumental cock-up.
The listing has now been met with a proposed class action lawsuit that has been put forward by a software engineer in Vancouver who had previously provided NCIX with his name, address and financial details. In the proposed claim, the engineer is putting forward the argument that NCIX failed to put the right procedures in place to encrypt the private information of himself and over 250,000 other customers, and that a technology company would have been expected to have appropriate measures in place to protect customers’ personal information.
We’ve written before on this blog of methods on how to delete data properly and the dangers of assuming that ‘format’ means the same as a complete data wipe (hint: it doesn’t). Safe disposal of hard drives and other hardware isn’t something that should strike fear on in the hearts of mortal men. It is perfectly possible to destroy hard drives (both physically and by overwriting prior data), and there is no reason to assume that you need to employ the services of a specialist company to carry out this process for you, although we certainly wouldn’t dissuade you from going down that road.
If you’re dealing with large quantities of hardware or you want peace of mind that your hardware is being disposed of or recycled correctly, then you could certainly look at such professional hardware recycling and disposal options. A quick Google search brings up various options for IT recycling companies across the UK. Typically, you can expect such firms to offer data destruction and hardware recycling, with UK-wide collection services offered by some, alongside on-site data wiping, media shredding and degaussing (wiping a hard drive by altering the magnetic field on the drive).
On the recycling side, dedicated IT recycling and disposal companies can ensure that recycling of any unused equipment is WEEE compliant - something all businesses should show good practice in.
However you choose to do it, safe disposal of equipment is a must, for data protection, for the environment and for legal responsibilities. Data breaches, failing hardware, IT upgrades: all are potential problems facing any business, and ensuring data stored on hard drives (both current and those no longer in use) is safe should absolutely be a priority.
We must all learn from incidents like those concerning NCIX. Otherwise we could find ourselves facing similiar legal troubles.
If you're concerned about how your business disposes of old equipment, contact us to find out how we can help.