Does Your Service Contract Leave You Unknowingly Exposed?By Elizabeth Ryan
Hardware maintenance contracts could be leaving users exposed to data breaches. When you have a hardware failure, your service provider should remove the failed component and replace it with a new one. Typically, service contracts state that the failed component becomes the property of the provider. These service providers generally try to repair the failed component for resale or keep it as a spare part.
Issues arise when the failed component is a disk or other device that holds data. You have custodial responsibilities for this data. Since the failed component is no longer operational within your system and has been removed, you lose the ability to access this data. Your inability to access this data doesn’t mean other hardware or software cannot.
The first question to ask is, “Does my device contain any data that I have a custodial responsibility for?” You need to assume yes due to modern computer networks and the interconnectivity of the “Internet of Things.” The next question is, “Where does your responsibility end for this data?” In recent years, the proliferation of regulations concerned with protecting individual privacy rights has become overwhelming. Most of these regulations state that custodianship of this information ends when the custodian has returned or destroyed the data. When returning electronic data is impossible, physical destruction of the device is the only alternative.
Most replacement components travel to and from a location by a standard freight carrier. There is always the possibility that a failed hard drive could get lost in transit returning to the service company and it can be unknown what data remains on that device. Are you responsible to declare a Data Breach? Yes, according to regulations.
In response to this issue, some service providers are including a “device retention” option. This option allows you to retain possession of the failed device at an additional fee. Allowing you to dispose of it yourself or through 3rd party who specializes in physical destruction of data. Check with your current service provider to learn if they offer these solutions.
To learn more about proper data disposal, visit our Data Destruction Page to speak with a certified specialist.Posted on December 11th, 2015 under Data Destruction