Educause Security Discussion mailing list archives

Re: hard drive destruction

From: Tony Gauvin <tonyg () MAINE EDU>
Date: Thu, 10 Aug 2006 11:14:35 -0400

The issue: if a hard drive that is under warranty fails most technicians will contact the vendor, get a replacement 
drive and send the "bad" drive back to the vendor. If there is sensitive information on that drive (worst case 
scenario always) the vendor now has access to that data and/or worse yet they repair the drive and sell it to someone 
else.

The solution is too not replace the hard drive under warranty but to physically destroy it and purchase a new drive. 
The rationale is that data is worth more than the drive. Why risk the data just to recoup the cost of the drive?

Tony Gauvin
tony () gauvin org
  ----- Original Message ----- 
  From: Michael Fox 
  To: SECURITY () LISTSERV EDUCAUSE EDU 
  Sent: Thursday, August 10, 2006 10:44 AM
  Subject: [SECURITY] hard drive destruction

  I am working on policy and procedures for hard drive wipe/destruction. I have most of what I need for my procedures 
but I have hit one sticking point. I would like to get some input as to how others have handled this issue. 

  The issue: if a hard drive that is under warranty fails most technicians will contact the vendor, get a replacement 
drive and send the "bad" drive back to the vendor. If there is sensitive information on that drive (worst case scenario 
always) the vendor now has access to that data and/or worse yet they repair the drive and sell it to someone else.

   What do you folks do with this kind of scenario?

  Any information will be a great help.

  Thanks in advance,
  Mike

  Mike Fox
  Georgia Southern University
  Information Technology Services
  Office of Information Security
  mfox () georgiasouthern edu
  (912)871-1592

  Jeremiah 29:11-16

  NOTE: This email message is intended only for the named recipient(s) above
  and may contain information that is privileged, confidential, and or exempt
  from disclosure under applicable law. If you have received this message in
  error, or are not the named recipient(s), please immediately contact the
  sender and delete this email message.

Current thread:

hard drive destruction Michael Fox (Aug 10)
- <Possible follow-ups>
- Re: hard drive destruction Tony Gauvin (Aug 10)
- Re: hard drive destruction Les LaCroix (Aug 10)
- Re: hard drive destruction Roy Hatcher (Aug 10)
- Re: hard drive destruction Mark T. Nardone (Aug 10)
- Re: hard drive destruction Pace, Guy (Aug 10)
- Re: hard drive destruction Barnes, Jeff (Aug 10)
- Re: hard drive destruction Jim Dillon (Aug 10)