Data Destruction Policy
The Jamil Trust Data Destruction Policy
The Jamil Trust refurbishes used computers and assorted IT equipment for reuse. In processing donated IT equipment the charity has a duty of care to ensure that data is removed with an appropriate level of sanitisation commensurate with the sensitivity of the data stored on the media (hard disk, removable media, flash memory, etc.).
The following document sets out The Jamil Trust’s policy on data sanitisation and destruction and the stringent standards we follow to ensure the secure, full removal of confidential and sensitive data from redundant IT equipment ensuring compliance with General Data Protection Regulations (GDPR).
Hard Drive Return or Destruction Policy
If the hard drive or any storage media is removable The Jamil Trust MUST REMOVE IT AND HANDOVER TO THE OWNER .
However if the hard drive or storage media is not removable then we erase it using the following methods.
How We Erase Data
The Jamil Trust takes data security extremely seriously and for this reason we only use industry leading technology and techniques that have been approved to the highest standards including the UK Government’s HMG Infosec Standard No. 5 (the ‘Enhanced Standard’).
We use market-leading Blancco data erasure software. Blancco software is approved by the UK Government’s National Cyber Security Centre (NCSC) .
Using Blancco’s latest, certified version of software (or any similar software) we can always ensure erasure standards are maintained in line with technological advances.
Factory Resetting Policy
The Jamil Trust always cares about the personal data of our donors therefore we always reset the devices to the factory settings before giving to our beneficiaries.
Apple Device Restore
Apple devices and few other manufacturers have Find My Device security systems in place.
We will check whether this functionally is on or off, if it is on then we require donors to either remove this security function or provide us the username and password for their account to allow us to log into their account and disable this security function.
NOTE: WITHOUT THIS DISABLE THE APPLE DEVICES CAN NOT BE REUSED
Secure Data Erasure
If the hard drive or data bearing device is not removable then we use will erase and
sanitise using NCSC approved data wiping software. Data wiping is the only truly assured method of data destruction, as each individual drive generates its own hard drive erasure report, certifying the date and method used. Drives which fail the wiping process will be physically destroyed.
To erase data we use Blancco software which generates an individual, automatically produced data erasure report. This details information including: the hard drive serial number, hard drive capacity and erasure level of 100%. We provide these reports for each collection to a donor on request. This provides traceability required for a comprehensive data audit trail to meet GDPR standards.
Where required we can provide secure collection via GPS-tracked vehicles and DBS-cleared staff to transport equipment.
Secure Physical Data Destruction
The Jamil Trust provides secure physical data destruction in the event that hard drives are not in a working condition, or where a donor’s requirements dictate physical destruction. To achieve this we use a solid steel punch that delivers four tonnes of hydraulic force to bend, mangle and pierce the drive’s housing and platters. The conical punch of the unit causes catastrophic trauma to the hard drive’s chassis whilst destroying its internal platters (the circular disks that store magnetic data). Following the hard drive crushing process with our pneumatic lever this renders the hard drive’s platters as completely unreadable, ensuring complete data destruction.
This process is suitable for all kinds of hard drive formats and meets the DIN 66399 Standard security level H-3, guidelines for the physical damage of media. On request, we provide records detailing the crushed hard drive serial number, capacity and, where relevant, asset information.
The Jamil Trust does not provide on-site physical destruction or shredding of data.