The 3 Standards of Certified Secure Data Destruction | Bot


All data has its value, be it financial, legal, historical or even sentimental. However, there are cases where it needs to be permanently deleted, and that’s where secure data destruction comes in.

Far beyond conventional deletion or even formatting the device, it uses techniques and practices with the aim of making any future recovery as difficult as possible, in a complex, secure and confidential service with a certificate at the end.

Bot has all the necessary infrastructure for the permanent destruction of data for public and private sector organizations, as well as individuals and companies, with algorithms and techniques that follow the highest standards approved by regulatory entities in Brazil, the United States and Europe.

In addition, our services fully comply with the provisions of Law No. 13,709 of August 14, 2018, the LGPD (General Personal Data Protection Law), which guarantees your total security and efficiency.

 


What is secure data destruction?

It is a service that aims to make files completely illegible, regardless of where they have been stored. It also makes future recovery of these files by commercial means or their subsequent misuse impossible.

Data is fundamental to business today. However, once data has been collected, used, purchased, transferred or stored, one concern is common among companies: what to do with this data when it is no longer needed.

This concern becomes even bigger when we look at the statistics on data breaches. According to Statista, 155.8 million records were exposed in the United States alone in 2020, which is equivalent to almost 5 records leaked every second.

Furthermore, according to the World Economic Forum’s Global Risks Report 2021, cyber security failure was named as a risk that will become a serious threat to the world in the next two years, having been chosen by 39% of respondents.

Therefore, every care is needed to prevent sensitive data from falling into the wrong hands and, with the destruction of the data, it can no longer be read by any operating system, application or software.


How does secure data destruction relate to the LGPD?

Before the LGPD, Brazil had no law specifically dealing with the processing of personal data. However, a series of global events created the need for one, such as the surveillance data disclosed by Edward Snowden in 2013 and the Facebook controversy with Cambridge Analytica in 2018.

It was especially the case of Facebook, which may have collected data from up to 87 million users without authorization, that prompted the emergency sanction of the LGPD, an important milestone for Brazilian legislation.

For those who don’t know what the LGPD is, it gave users more control over their data, the collection of which must be expressly informed. Furthermore, companies or entities that infringe this right can be fined up to R$50 million!

By opting for secure data destruction, you avoid any kind of future legal problem, as it becomes practically impossible to access the data again.

How does secure data destruction work?

There are different methods of secure data destruction, and Bot works with physical or logical data erasure (or Data Wipe), which have very high levels of reliability.

Within data erasure, there are different “standards” that can be adopted, and we work with the following:

DoD 5220.22-M “standard” data destruction 

The DoD 5220.22-M destruction method was published by the U.S. Department of Defense (DoD) in the National Industrial Security Program Operating Manual (NISPOM), initially in 1995.

At the time, the document contained the specifications of a hard disk overwriting process. In its original requirements, the DoD 5220.22-M method, also known as the DoD 3-pass method, was generally implemented as follows:

  • Step 1: Overwrite all addressable locations with binary “zeros”.
  • Step 2: Overwrite all addressable locations with binary “ones” (complementing the previous step).
  • Step 3: Overwrite all addressable locations with a random bit pattern.
  • Checking the last overwrite step.
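
The three passes and the final check listed above, as an added example that is not part of the original page or Bot's own tooling. It assumes the target is a disk image file rather than a raw device, so it can run anywhere; `dod_3pass`, `demo` and the sample marker are hypothetical names.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB blocks, so a large image never has to fit in RAM

def _overwrite(f, size, make_block):
    """Overwrite bytes [0, size) of f and return the SHA-256 of what was written."""
    digest = hashlib.sha256()
    f.seek(0)
    for offset in range(0, size, CHUNK):
        block = make_block(min(CHUNK, size - offset))
        f.write(block)
        digest.update(block)
    f.flush()
    os.fsync(f.fileno())  # force this pass out of the page cache before the next one
    return digest.hexdigest()

def _read_digest(f, size):
    """Hash the current contents of f for the verification step."""
    digest = hashlib.sha256()
    f.seek(0)
    for offset in range(0, size, CHUNK):
        digest.update(f.read(min(CHUNK, size - offset)))
    return digest.hexdigest()

def dod_3pass(path):
    """Zeros, ones, random data, then verify the last pass by reading it back."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        _overwrite(f, size, lambda n: b"\x00" * n)   # Step 1: binary zeros
        _overwrite(f, size, lambda n: b"\xff" * n)   # Step 2: binary ones
        written = _overwrite(f, size, os.urandom)    # Step 3: random bit pattern
        # Read-back may be served from the OS cache; this shows the comparison only.
        verified = _read_digest(f, size) == written
    return {"bytes": size, "passes": 3, "verified": verified}

def demo():
    """Wipe a constructed sample image and report whether the marker survived."""
    marker = b"CONSTRUCTED-SAMPLE-RECORD;"  # constructed data, not from the page
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(marker * 100_000)  # about 2.6 MB, spans several chunks
    try:
        report = dod_3pass(tmp.name)
        with open(tmp.name, "rb") as f:
            report["marker_found"] = marker in f.read()
    finally:
        os.remove(tmp.name)
    return report
```

Overwriting a file through a filesystem does not guarantee that every physical block is rewritten, especially on flash media with wear leveling, so a report like this one covers only the addressable bytes of the target it was given.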

Erasing a hard drive with the DoD 5220.22-M method prevents all software and hardware based file recovery methods from recovering important data from the disk.

Later other methods were released, such as the 2001 DoD 5220.22-M ECE, which has not only 3 steps, but 7 steps (twice DoD 5220.22-M, with an extra step in between).

The DoD 5220.22-M method is still one of the most common in data destruction software and is generally still considered to be an industry standard in the United States.

But still, this DoD technique is less efficient today than it has been in the past, and it takes more resources and is less cost-effective than other, more modern standards, which has caused it to fall out of the recommended practices in some federal agencies.

It should be noted that hard drives that pass the DoD 5220.22-M method can be used for storing new files, even if the previous ones can no longer be recovered.

NIST 800-88 “standard” data destruction

DoD 5220.22-M is a very effective method. However, it was released before we had smartphones and flash memory storage technologies like SSDs.

For this reason, in recent years a publication of the National Institute of Standards and Technology (NIST) has become the standard adopted for data erasure in the United States: NIST Special Publication 800-88.

NIST 800-88 was originally released in 2006 and revised in December 2014. The publication addresses flash storage and mobile devices, which were not considered in the DoD process.

The document highlights the preferred methodologies for data destruction on hard disks, peripherals, magnetic and optical storage disks, and other storage media.

Basically, NIST 800-88 describes three methods that can help ensure that data is not unintentionally accessed:

  • NIST Clear. The method clears the data at all addressable locations using logical techniques. It is usually applied via standard “Read” and “Write” commands to the storage device.
  • NIST Purge. This method applies physical or logical techniques that prevent data from being recovered by using advanced techniques in laboratories.
  • NIST Destroy. Ultimately, the method resorts to physical destruction by using techniques to prevent data recovery, but also prevents the media from being reused for data storage.

How is this physical destruction done?

In addition to logical destruction, as in DoD method 5220.22-M and NIST Clear, Bot also offers secure data destruction by physical means, which can be done using two different procedures. They are:

Electronic destruction

First, the status of the device’s critical circuits is checked. Then its electronic circuits are destroyed, and finally the electronic board’s BIOS is read and erased, rendering the device unusable.

Mechanical destruction

In mechanical destruction, the actuator of the device’s reading heads is burned out. Their magnetic surfaces are then demagnetized and destroyed, also rendering the device completely unusable.

What is the best method of secure data destruction?

It depends on the device you have. If you have a hard disk (HD), you can choose either DoD 5220.22-M or NIST 800-88. The latter is even better suited if the number of devices going through secure destruction is large, as it is faster.

However, if you have SSDs, smartphones, or other such devices, then you must rely on NIST 800-88, as they are not covered in the DoD 5220.22-M standard.

According to the needs of each service or the thorough analysis of Bot’s technicians, after the logical destruction, the electronic or mechanical destruction of the devices can also be performed.

How much does secure data destruction cost?

Data destruction is a procedure with a variable cost. After all, everything will depend on what standard will be used for destruction, as well as the condition of the storage device and even the urgency of each customer.

To find out how much secure data destruction costs, request a proposal with Bot. Just fill out the form on this page and wait until we get back to you – as soon as possible!

Can’t I just delete the data or format the device?

No. When this is done, in the vast majority of cases, it is possible to regain access to the data through data recovery, a professional, lab-based service.

Just to give you an idea, here at Bot, we are successful in data recovery in 95% of cases. This means that for every 20 hard drives or devices that have had their data lost, whether by accidental or intentional deletion or formatting, among other failures, data can be recovered on 19 of them.

When you opt for secure data destruction and the service is done correctly, by experienced technicians and in certified labs, as here at Bot, it is virtually impossible to recover that data. Even our own team cannot recover it after secure destruction.

What guarantees that the data has been deleted and cannot be recovered?

After data destruction, Bot issues a certificate that proves the definitive deletion of the data, all in a secure and confidential manner. This document brings even more veracity to our services.

Furthermore, it is worth mentioning that Bot boasts a 99.8% satisfaction rate among our clients, which is a source of pride around here, as well as being proof of the excellence of the services provided to our clients, something crucial when dealing with a subject as sensitive as sensitive data.

Secure data destruction: a necessity to avoid problems and comply with LGPD

The value of data today is very high. With an ever-increasing volume being created (and violated, unfortunately) every second, as well as laws and regulations becoming ever stricter, definitive deletion must be done according to validated and recognized techniques and practices.

Bot is the ideal company for secure data destruction, able to provide all the peace of mind that individuals, companies and organizations in the public and private sector need to avoid any kind of problem in this field.

Request a quote for the secure destruction of your data on our dedicated page now!
