Recent high-profile data breach cases have shown that data security and secure data destruction are often overlooked—but critical—aspects of IT asset disposition (ITAD). But what exactly is involved in secure data destruction, what standards are a certified electronics recycler held to, and how can you ensure that your data is absolutely secure in the IT asset disposition process? 

Here, we provide a look at the rigorous requirements of the NIST 800-88 data destruction standard and why it is critical for your electronics recycler to possess this essential certification.

What are the impacts of a data breach?

A recent report by IBM Security found that the average cost of a data breach has increased to $4.35 million. The study also showed that 83% of organizations surveyed have had more than one breach. In addition to shouldering significant financial costs, these organizations dealt with other secondary impacts to their business, such as reputation loss, legal liability, loss of business, and lack of consumer trust.

Considering these potential ramifications of a data breach for a business, it is imperative that your business prioritize an ironclad IT asset disposition (ITAD) strategy as part of business operations. You’ll want to ensure your used or spent electronics are handled by a third party that follows a strict set of rules and standards when handling confidential information. That way, your customer’s sensitive data does not fall into the wrong hands after your company has disposed of, or recycled previously used equipment. 

What is NIST 800-88?

From phone lists and customer data to financial reports, research and banking information, businesses generate quite a bit of sensitive personal and confidential business data. That data needs to be securely destroyed from electronics once a business has determined those electronics have reached end-of-life. 

Originally created for government use by The National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, the NIST 800-88 is a document that provides specific guidance on media sanitization and how to securely erase data from media equipment. NIST 800-88 is one of many sets of guidelines for the sanitization of data included in technology assets, but is now considered the most widely accepted guideline to reference by government and corporate entities alike. 

How does NIST 800-88 work?

The NIST 800-88 data destruction standards apply to all media types including hard copies, networking devices, magnetic media, optical media and storage devices. It divides data sanitization into three categories depending on the level of data destruction required: 

  • Clear: “Clear” sanitization protects against non-invasive data recovery and provides a moderate level of data protection (used for devices such as USB sticks or memory cards).
  • Purge: “Purge” data sanitization applies to physical or logical processes that provide a more thorough level of sanitization for confidential data.
  • Destroy: “Destroy” sanitization is the most extreme—using techniques such as shredding or melting—and renders media incapable of storing data. 

For a device to be considered validated as sanitized in accordance with NIST 800-88, the data sanitizer must document the device serial number, method and date of destruction, name of supervising party, verification, and validation. 

Why is it important for your ITAD partner to use NIST 800-88?

Whether you decide to recycle, transfer or permanently retire your electronic devices at end-of-life, your equipment is vulnerable to data being accessed or breached. For example, you might assume that a third party has fully erased data from the disposed devices, when the data has not been completely removed. A recycling partner that uses the NIST 800-88 recycling controls reduces the likelihood that someone can access sensitive data after you dispose of your equipment, and also provides you with verification and documentation to prove that you responsibly disposed of your electronics. 

Protect your business and your sensitive data by entrusting your retired IT assets to an experienced ITAD service provider who operates under the guidelines of the NIST 800-88 standard. Contact us today to learn more about the specific steps we take to ensure your data is secure during the ITAD process.  

contact us

Read More:

What to Learn from the Latest E Waste Disposal Failures

Interview: GER President on the Importance of Proper E Waste Disposal

Your Quick Guide to the NIST 800-88 Data Destruction Standard

Read More