Through our repair, refurbishment, and recycling work we come into contact with personal or company data in digital and physical format. We take measures to protect any data that is in our possession or in our ownership from being retrieved by third parties.
This list, which is by no means exhaustive, documents some of the procedures that we have in place:
- If appropriate to do so, we destroy any data as soon as possible by mechanical means, by paper shredding, or by the reformatting of storage devices.
- Unless required in order to carry out repairs or to retrieve data at the request of the client, personal or company data is not viewed by our staff members.
- Inspection of personal data is only done to the level required for the task in hand, e.g. to a file structure level, or to a specific document or set of documents.
- Single pass paper shredding is considered to be sufficient for achieving paper data security.
- A three pass format is carried out on hard drives that are not destroyed.
- Items that are in our possession will not be deemed to have passed into our ownership until all personal or company data is removed.
Clients are encouraged to take their own steps in managing data security although, in order to be able to refurbish computer equipment, we prefer that hard disc drives have accessible recovery partitions. We also strongly recommend that, if possible, data is backed up to an independent storage device prior to to repair work being carried out.
It is recommended that technical staff are given the task of destroying data. We have seen some cases where what was thought to have been effective destruction of hard disc drives had in fact left them intact.
Further information
- New Zealand Information Security Manual (NZISM) from the Government Communications Security Bureau (GCSB)