
Big Tech, Banks, Government Departments Shred Millions of Storage Devices They Could Reuse (ft.com)
Companies such as Amazon and Microsoft, as well as banks, police services and government departments, shred millions of data-storing devices each year, the Financial Times has learnt through interviews with more than 30 people who work in and around the decommissioning industry and via dozens of freedom of information requests. From the report: This is despite a growing chorus of industry insiders who say there is another, better option to safely dispose of data: using computer software to securely wipe the devices before selling them on the secondary market. "From a data security perspective, you do not need to shred," says Felice Alfieri, a European Commission official who co-authored a report about how to make data centres more sustainable and is promoting "data deletion" over device destruction. Underpinning the reluctance to move away from shredding is the fear that data could leak, triggering fury from customers and huge fines from regulators.
Last month, the US Securities and Exchange Commission fined Morgan Stanley $35mn for an "astonishing" failure to protect customer data, after the bank's decommissioned servers and hard drives were sold on without being properly wiped by an inexperienced company it had contracted. This was on top of a $60mn fine in 2020 and a $60mn class action settlement reached earlier this year. Some of the hardware containing bank data ended up being auctioned online. While the incident stemmed from a failure to wipe the devices before selling them on, the bank now mandates that every one of its data-storing devices is destroyed -- the vast majority on site. This approach is widespread. One employee at Amazon Web Services, who spoke on condition of anonymity, explained that the company shreds every single data-storing device once it is deemed obsolete, usually after three to five years of use: "If we let one [piece of data] slip through, we lose the trust of our customers." A person with knowledge of Microsoft's data disposal operations says the company shreds everything at its 200-plus Azure data centres.