This policy outlines the standard operating procedures for handling, retaining, and securely destroying client data and hardware when computers or storage drives are retired or replaced. Maintaining strict data security protocols during hardware decommissioning is a top priority.
1. Secure Hardware and Data Retention (30-Day Holding Period)
When a client replaces a computer or storage drive and elects to utilize our recycling services, the following retention rules apply:
- Chain of Custody: Upon taking possession of the retired equipment, the physical hardware (laptops, desktops, or loose hard drives/SSDs) is transferred to a secure environment.
- 30-Day Safety Buffer: The storage drive, data, or complete computer system is safely retained for a strict period of thirty (30) days. This provides a fallback window in case the client discovers that data is missing from their new system and needs to be recovered.
2. Data Sanitization and Physical Destruction Standards
Once the 30-day retention window expires, all storage media undergo mandatory sanitization before any physical hardware is recycled or disposed of:
- Software-Based Wiping: Operational drives are sanitized using the industry-recognized DoD 5220.22-M method. This protocol completely overwrites all addressable locations on the hard disk with structured character patterns (zeros, ones, and random bit patterns) across multiple sequential passes to ensure information is permanently unrecoverable.
- Physical Destruction: In cases where a drive is non-functional, physically damaged, or cannot reliably complete the software sanitization pass, the drive is physically destroyed to completely prevent data extraction.
3. Responsible Hardware Recycling
Following verified data sanitization or physical drive destruction, the remaining physical computer hardware and components are processed through responsible electronics recycling channels to minimize environmental impact.
4. Documentation and Proof of Destruction
- Letter of Destruction: To support client compliance records and audit requirements, Brian Barnes Consulting provides a formal Letter of Destruction upon request. This document verifies the specific hardware details, the sanitization method utilized, and the date the process was completed.