Who is Responsible for End-of-Life Data Destruction?

Who is Responsible for End-of-Life Data Destruction?

By Marcus Ho

November 20, 2020

What happens to IT equipment when it becomes obsolete or useless? This is a question many businesses grapple with when upgrading their IT assets.  Sometimes the equipment is not outdated but redundant, for example, after an IT relocation to an upgraded data center.  

Many businesses will lock up this equipment in a warehouse and forget about it, or at best donate it. But there is one crucial aspect in handling end-of-life equipment that is often overlooked; data destruction. 

Why is Data Destruction Important?

Data destruction is wiping, erasing, corrupting, or/and physically destroying data on storage disks such that it does not pose a threat to the data owners.  Traditional data destruction methods included shredding and burning paper files, photos, tape magnets, and any other medium holding business information.

Today’s data destruction revolves around destroying data on IT-related equipment. It includes;

  • Desktops, laptops, and tablets
  • Servers 
  • USB flash drives and external hard disks 
  • Backup hard disks and magnetic tape storage 
  • DVD/CDs
  • Mobile phones 
  • Cloud storage 

Data destruction should be done as soon as the equipment is marked for disposal. When relocating IT assets, this should be done before the equipment leaves the premises. An IT relocation service can offer this service as part of the relocation package. 

Risks Avoided With Secure Data Destruction 

Data on unsecured end-of-life equipment can be used by people with nefarious intentions to harm the business or get an advantage over it.  These risks include;

Data breaches

A data breach occurs when unauthorized parties access confidential information.  This information could be customer credit card information, patient health records,  employee HR records,  or the latest product test results in R&D research.  

Some  of the notable data breaches that have  happened because of unsecured  end-of-life equipment are;

  • The US National Archives and Records Administration leaked personal information of 76 million veterans after sending hard drives for repairs without  wiping them (2009)
  •  The Dutch government lost details of 6.9 million organ donors after hard drives  storing the details were stolen (2016)
  • Idaho Power Co. leaked details of 460,000 customers, including credit card information, after  old hard drives were sold on eBay without being wiped (2006)
  • Science Applications International Corporation lost the personal information of 4.9 million customers after tape storage was stolen from an employee’s car (2011)
  • Centene Corporation reported misplacing unencrypted hard drives containing the details of 960,000 clients  (2015)

Hacking Attacks 

Hackers gather all the information they can on an organization to assess points of weakness in the network. This reconnaissance phase involves collecting  IP addresses, email addresses, key personnel details, IT assets details on hardware and software.

Unsecured end-of-life equipment presents a rich source of information for hackers. There are all kinds of metadata information to mine and map the organization.  It makes penetrating the network much easier than it should be. 

Corporate Espionage 

Corporate espionage aims at getting a competitive edge over business rivals by accessing confidential information.  It can be R&D data on an upcoming product, schematics, prototypes, and tests.  Exposing this kind of information makes a business lose its competitive edge and revenues. 

Financial and Legal Complications  

Businesses that lose confidential customer information are at risk of suffering legal and financial penalties for negligence. A good example is US retailer’s Home Depot compensation fines of over $170 million for a data breach that exposed customer credit card details. 

Several laws protect customer data today. In the US, they are the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, and the Fair and Accurate Credit Transactions Act. In Europe, there is the General Data Protection Regulation.  Failure to secure data on end-of-life equipment runs afoul of these regulations.

How is Data Destroyed?

There are electronic and physical methods of data destruction. Many people make the mistake of thinking that a full format will remove all the data from a storage device. But it is easy to recover data from a formatted disk using advanced forensics tools.

Proper data destruction should be more sophisticated than full formatting. It is why this task should be left to an IT relocation service. They have the resources to deploy  data destruction methods such as;


This data destruction method uses a strong magnetic field to scramble the electromagnetic field of a storage device.  Degaussing can be done relatively quickly using a  special degausser machine. It renders a storage drive inoperable, so it cant be used on equipment meant for donation or reuse. 


Overwriting destroys data by corrupting it with other characters like 1 and 0. The overwriting can be random or in algorithmic patterns, with each overwrite counted as a pass.  High security overwriting requires the NSA-standard 35 passes.

Overwriting has an advantage in that it does not physically damage the storage device. It makes it appropriate for equipment that is to be repurposed. 

Physical Destruction 

Physical destruction is the surest way of making sure that a storage device does not fall into the wrong hands. Taking a mallet to a whole data center’s hard drives is a bit impractical. IT relocation services  use more efficient equipment and methods, including;

  • Crushing –  The hard drives are crushed between the high-pressure jaws of a crusher 
  • Disintegration – This is done to take apart the various components of a storage media. Metal parts can be retrieved from older hard drives for recycling
  • Shredding – Special cutting equipment is used to take apart and shred the storage media into tiny pieces no bigger than 5 mm. Shredding works well for solid-state drives, DVDs, and CDs
  • Incineration – The storage media is burnt in a furnace at very high temperatures till it reduces to ashes and molten metal 

Why Use an IT Relocation Service for Data Destruction?

The ordinary business is not equipped for doing proper and secure data destruction.  Engaging the services of a professional data destruction service  makes better sense for several reasons;


If you are doing IT relocation, it is cheaper to have the IT relocation service take care of the equipment that will not be needed in the new data center. Your only role would be supervisory to ensure that everything is done as required. 

Special Equipment 

A professional data destruction service has the necessary equipment to do a proper job.  This equipment includes degaussers, crushers, shredders, and furnaces. By contracting these services, you avoid the hassle of going around looking for hire equipment.

Safe Disposal 

Guidelines for disposing of e-waste have become more strict. You can’t dump obsolete IT equipment in the dumpster. IT relocation services can offer safer disposal methods, including repurposing the equipment for disposal, if you so wish. They also have the permits necessary for disposing of crushed, shredded, and incinerated waste.

Secure end-of-life data destruction should be taken very seriously because of the risks involved in handling data. Engaging a professional service to do it is the smarter choice to ensure confidential data does not fall into the wrong hands. 

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Have a question? We're a message away.