----- Original Message -----From: [log in to unmask] href="mailto:[log in to unmask]">phil greggTo: [log in to unmask] href="mailto:[log in to unmask]">[log in to unmask]Sent: Friday, December 08, 2006 2:24 PMSubject: Re: [data-protection] Data DestructionI am told that our service provider literally takes a hammer to the drives and platters. I have not yet verified this!This might help (Section 6 - on data erasure):
http://www.cesg.gov.uk/site/publications/media/directory.pdfRegardsA hard disk failure this week brought data destruction policies firmly home to me. My laptop is Toshiba. The hard drive failed. It had to go back under warranty, but I have a cast iron assurance that all that can be done to ensure the disk is not read and that the data is wiped from it will be done. That is wholly different from a colleague's experience with HP, who were unable to give him that assurance at the time he needed it.However, as a matter of normal business we upgrade computers and the hard drives are disposed of.As Privacy Officers, have you ever been consulted about the destruction, or rather the "Sanitisation" of data on the old hard drives? The only really certain too for data destruction is a volcano, and that is probably not efficient use of resources, so what does your organisation do in order to render the data on the old drives unreadable?A useful reference is the US National Industrial Security Program DoD 5220.22-M, as published and amended in February 2006
Note:This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Newark and Sherwood District Council and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks.Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.Senders and recipients of email should be aware that, under the Data Protection Act 1998 and the Freedom of Information Act 2000, the contents may have to be disclosed in response to a request.Newark & Sherwood District Council Legal DisclaimerThank You.
This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
- Leaving this list: send leave data-protection to [log in to unmask]
- Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
- To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
- To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)