Companies must have the necessary contingency plans in the event of a breach to ensure they can protect sensitive data.

Xperien has developed secure processes for destroying data from redundant hard drives.

The company warns that data must be erased using one of the three methods in order to be compliant with the Protection of Personal Information Act 2013 (PoPI) and to meet the strict security standards for monitoring, control and alignment with most organisational policies.

Xperien CEO Wale Arewa says organisations must always demand certification and documentary proof of due diligence in the execution of data destruction. “This will also ensure that a company’s intellectual property does not fall into the wrong hands.”

Companies handling their own data destruction cannot be assured that their company data is secure. Using inexperienced staff to handle data destruction may seem like a sound policy but it’s not, there is always potential for human error.

Arewa points to cost savings as the most probable reason for internal data destruction. “This decision could be costly in the long run if their data security is breached. Like any professional service, when it comes to data management and destruction, it is advisable to use a vetted certified data disposition company.

“You need one that executes to standards with quality controls, processes and financial instruments that provides additional protection when destroying your data,” he adds.

The most environmentally-compliant method is advanced digital data elimination. It allows the hard disk drive to be reused and Xperien’s software solutions also provide reliable audit trails.

Physical shredding of the hard disk drive crushes and mangles it into tiny 25mm pieces, eliminating all the data and rendering the hard drive unusable.

Degaussing is a process that uses a magnetic charge to eliminate data. It also destroys other components of the hard disk drive, ensuring double protection.

“More importantly, one must vet and verify the company you contract with for data destruction in the process and systems they use to destroy data. Are they certified? How often are they audited and by whom? Do they have quality controls in place to measure effectiveness of their data destruction program and process,” he concludes.