I am told that our service provider literally takes a hammer to the drives and platters. I have not yet verified this!
This might help (Section 6 - on data erasure):
http://www.cesg.gov.uk/site/publications/media/directory.pdf
Regards
>>> Tim Trent <[log in to unmask]> 08/12/2006 13:52 >>>
A hard disk failure this week brought data destruction policies firmly home to me. My laptop is Toshiba. The hard drive failed. It had to go back under warranty, but I have a cast iron assurance that all that can be done to ensure the disk is not read and that the data is wiped from it will be done. That is wholly different from a colleague's experience with HP, who were unable to give him that assurance at the time he needed it.
However, as a matter of normal business we upgrade computers and the hard drives are disposed of.
As Privacy Officers, have you ever been consulted about the destruction, or rather the "Sanitisation" of data on the old hard drives? The only really certain too for data destruction is a volcano, and that is probably not efficient use of resources, so what does your organisation do in order to render the data on the old drives unreadable?
A useful reference is the US National Industrial Security Program DoD 5220.22-M, as published and amended in February 2006
#####################################################################################
Note:
This message is for the named person's use only. It may contain confidential,
proprietary or legally privileged information. No confidentiality or privilege
is waived or lost by any mis-transmission. If you receive this message in error,
please immediately delete it and all copies of it from your system, destroy any
hard copies of it and notify the sender. You must not, directly or indirectly,
use, disclose, distribute, print, or copy any part of this message if you are not
the intended recipient. Newark & Sherwood District Council and any of its subsidiaries
each reserve the right to monitor all e-mail communications through its networks.
Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorized to state them to be the
views of any such entity.
Senders and recipients of email should be aware that, under the Data Protection Act
1998 and the Freedom of Information Act 2000, the contents may have to be disclosed
in response to a request.
Newark & Sherwood District Council Legal Disclaimer
Thank You.
#####################################################################################
#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared
by NetIQ MailMarshal
#####################################################################################
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
