Non-Government Organizations – Are You Required to Destroy Magnetic Media?

November 29, 2018 at 3:53 pm by SEM

Many organizations or companies, that have no connection with state or federal government agencies, possess large amounts of information that reside on hard drives, backup tapes, and a variety of other magnetic media that contains extremely sensitive information. Depending on the nature of your business, much of this data requires complying with strict industry standards. It is difficult to mention all of the industry standards that are out there, but here are a few that may apply to your business: HIPAA (Health Insurance Portability and Accountability Act), FERPA (applies mostly to colleges and universities), FACTA (Credit Transactions Act), and Sarbanes Oxley Act and PCI DSS (Payment Card Industry- Data Security). Non-compliance on the part of your organization could result in fines or expose your company to criminal and civil liabilities.

Growing Need for Proper Media Sanitization & Destruction: Why Degauss?

emp 1000HS
SEM’s NSA listed Model EMP1000-HS degausser is an ideal solution for rotational hard drives; however, degaussing has NO effect on solid state media.

Media sanitation and destruction is the one thing you can control internally to guarantee total confidentiality for your organization. Computer technologies are changing every day, creating more powerful computers with track densities that make previous methods of destruction totally obsolete. Degaussing is a method that exposes the magnetic media, like hard drives and backup tapes, to a powerful magnetic field. This method not only destroys the media but also the firmware that manages the device. Some of the more prominent high security IT organizations and test facilities in the U.S. prefer this method of destruction over all others.

Is Physical Destruction Really Necessary?

Some people consider physical destruction the ultimate form of media destruction. Physical destruction of hard drives can be accomplished by shredding, crushing, or using a device that bores a hole in the center of the drive creating severe damage to the housing and internal workings of the drive. Incineration and melting will also destroy media, but these methods may be impractical or unavailable to your average company. Most physical destruction devices have a relatively small footprint and can be located in your IT department or in a designated area within the company. Depending on the importance or security categorization of your data, you might consider a two-step process where degaussing and physical destruction go hand-in-hand. Most government agencies are dealing with extremely sensitive data, which requires degaussing and some form of physical destruction. This is something to seriously consider with the increasingly sophisticated level of encryption that is out there today.