Anyone Have a Data Destruction Form?

resolvetech

resolvetech

Active Member
Reaction score
44
Location
New Hampshire
Wondering if anyone might be able to share a hard drive disposal legal form? I just want to make sure I cover my bases. The client wants something saying that it will be disposed of properly. They are a dentist so HIPAA applies. My plan is to run it through KillDisk or some other program and then physically destroy with sledge hammer. From there off it goes to my friend who recycles the scrap computer parts.

P.S.
Personally I don't trust anyone with client data destruction (even recyclers). **** happens and I don't want it to happen to me. Ever see those videos on copier drive disposal (or lack thereof)?
 
There is nothing legal you can do that can fully protect you. In the end, it is your word(that you destroyed the drive) vs their belief, or lack of, that you did. If you are really concerned then outline what you do in an affidavit:

I, FILL IN THE BLANK, do testify that I destroyed all data on this Hard Disk Drive, Make, Model, and Serial numbers using the following methods:

1. I used program x
2. I smashed the drive with a hammer.
etc.

Sign and date it. Even have it notarized.

Even with all that, it is still your word against them.
Personally, I just use an invoice that states all the above.
 
We have a generic certificate that we stick on a label that Drive Erazer produces. Drive Erazer spits out a label with the model/serial number of drive, date/time, and wipe method used. We stick that label on the certificate...make a copy of the cert...we keep one in the clients folder, client gets the original.
So the label is printed by a professional drive wiping appliance..there is no "our word against theirs".
https://www.cru-inc.com/products/wiebetech/wiebetech_drive_erazer_ultra/
 
YeOldeStonecat said:
We have a generic certificate that we stick on a label that Drive Erazer produces. Drive Erazer spits out a label with the model/serial number of drive, date/time, and wipe method used. We stick that label on the certificate...make a copy of the cert...we keep one in the clients folder, client gets the original.
So the label is printed by a professional drive wiping appliance..there is no "our word against theirs".
https://www.cru-inc.com/products/wiebetech/wiebetech_drive_erazer_ultra/
Click to expand...

I am the same and I also scan and upload it to reparshopr so they can see the cert any time they want
 
resolvetech said:
Wondering if anyone might be able to share a hard drive disposal legal form? I just want to make sure I cover my bases. The client wants something saying that it will be disposed of properly. They are a dentist so HIPAA applies. My plan is to run it through KillDisk or some other program and then physically destroy with sledge hammer. From there off it goes to my friend who recycles the scrap computer parts.

Try these 2 links:

Phttp://www.liquidtechnology.net/data-destruction-certificate.php
https://www.google.com/search?q=dat...XFVRQKHb94B7UQsAQIHA&biw=2293&bih=922&dpr=0.7
Click to expand...
 
I avoid this all together. I hand my clients back their hard drives and let them decided what to do with it. Why put your business in harms way when you don't have too.
 
Looking forward to seeing the templates, as that's exactly what led me here.

Fortunately there's a drive destruction facility within reasonable driving distance from me. And they also provide a certificate.

One of my clients is a Dentist, and has to even have the printers memory wiped. I have a handy electro-magnet for that.
 
There's no magic formula you need for a Certificate of Destruction form/template. Read up on all the NIST documentation out there. Now that your mind is exhausted from that...which just talks about methods, all you need on your cert are a few basic things. Date, make/model/serial number of drive, and where it came from..we fill in computers host name, end user(s), and client name. Next....the method of destruction used to sanitize the drive.

Now, what's import to me, is to PROVE that the drive is destroyed. Pluggin' it with holes from your S&W 9mm in the back yard is fun...sure, but...how can you PROVE it's illegible? Waving a potent magnet across it..entertaining for a few minutes, but how can you PROVE the drive is illegible? Smashing with a hammer? Just mucks up your nice counter top and annoys the neighbors. Can't prove the drive is illegible. You can take pictures I guess..and attach..but those don't really prove much.

This is why I prefer an professional drive wiping appliance (or software if it's available) to take the onus off of me. NIST tested the CRU Drive Erazer and it achieved "expected results". It prints out that certificate..noting the make/model/serial number/method of destruction. We take that printed out label, apply it to a larger sheet of paper with a certificate of destruction logo on it...sign it, make a copy of it for ourselves, and hand the client a copy. Doing it this way removes as much of your word "honest..I did it..I smashed it" as possible..and puts more confidence in the clients mind (or auditors mind) that the drives were wiped because it was done with a professional appliance that spit out a label saying so.
 
You must log in or register to reply here.

Similar threads

F
Wiping a drive with confidential data on it
Replies
19
Views
2K
Larry Sabo
Larry Sabo
Back
Top