Data Erasure Policy
1. Purpose
This policy ensures all client data stored on IT devices is securely erased to protect privacy, comply with data protection laws, and prevent unauthorized access.
2. Scope
This policy applies to all data-bearing devices, including:
- Hard drives (HDDs and SSDs)
- USB drives and memory cards
- Mobile devices
- Laptops, desktops, and servers
3. Data Erasure Methods
We use the following methods to ensure all data is permanently erased:
Software-Based Data Wiping
- Approved software tools such as Blancco, DBAN, or similar are used.
Physical Destruction
- Devices that cannot be reused are physically destroyed using shredding, drilling, or crushing methods.
Overwriting
- Data is overwritten multiple times to prevent recovery.
4. Client Consent
- Clients must provide consent before data erasure is performed.
- A certificate of data erasure can be provided upon request.
5. Verification
- All devices are checked after erasure to confirm no data remains.
- Data recovery tools are used to verify the success of erasure.
6. Record Keeping
For each erasure, we record:
- Client name (or ID)
- Device details (type, model, serial number)
- Erasure method used
- Date of erasure
7. Compliance
This policy complies with:
- GDPR (General Data Protection Regulation)
- NIST SP 800-88 Standards
- Blancco SSD Erasure Standards
8. Responsibilities
Technicians
Ensure data is erased securely.
Clients
Provide consent for data erasure services.