[ale] Off Topic, hard drive shredder

Ron Frazier atllinuxenthinfo at c3energy.com
Fri Aug 5 11:00:21 EDT 2011


Sparr,

I did some research into this industry in the past but never got 
involved in it.  There is a market, especially since many corporations 
are subject to data retention and destruction laws.  Sarbanes-Oxley 
(spelling?) and HIPAA come to mind, but there are many others.  You 
would have to get various permits and certifications, both from the 
point of view of providing the service, but also standards compliance, 
dealing with confidential data, protection of the hard drives, etc. on 
the way to destruction, so they're not stolen from your car or business 
location and 100,000 people's identity is stolen.  As someone mentioned, 
you'd also be dealing with toxic waste, so there would be permits and 
requirements for that.  Also, you don't want yourself or your workers 
breathing the dust from the shredder, etc., since it will contain lead 
and glass (which some hard drive platters are made of) among other 
things.  On a technical note, because of the incredible data density of 
a modern hard drive, you literally have to grind it to particles as 
small as a grain of sand so it's immune to forensic analysis in case 
someone REALLY wanted to get the data.  So, you have to be concerned 
about just HOW destroyed the customer wants the data.

As just one example of the need for this type of thing, I heard the 
following on Steve Gibson's Security Now podcast ( 
http://www.twit.tv/sn   http://www.grc.com/securitynow.htm ).  When you 
go to the office store and make a copy now, you are not making a direct 
copy onto a photosensitive drum as in the past.  The copier is a 
scanner, hooked to a computer, and often to a network.  So, the image is 
scanned, STORED ON A HARD DRIVE, then sent to a laser print engine.  You 
get your copy and leave, but the image is STILL ON THE HARD DRIVE.  
Well, when these machines are decommissioned, they're sent to the 
secondary market for used equipment.  Many times, the HARD DRIVES ARE 
NOT WIPED.  A major news media investigative team bought 4 copy machines 
on the used market and went looking to see what was on the internal hard 
drives.  It just so happens that one of the machines was from a 
sheriff's office, and it had 10,000 or so photocopies of people's 
driver's licenses and police reports, etc.  These things are routinely 
shipped to places like China or India and are a veritable feast of data 
for identity thieves.  Think about that the next time you photocopy your 
tax return.  Anyway, a responsible copier company would hire someone to 
wipe the hard drives.  One potential problem in that case, is that you 
cannot destroy the hard drive, or the copier will not function, so it's 
a problem.  But, you can see the need for data destruction.

There are a number of competitors in this market.  Iron Mountain is one 
that operates in all 50 states.  You can get some cool information from 
their website.

http://www.ironmountain.com/

These Google searches should get you started on your research:

data destruction standards laws -
      
https://encrypted.google.com/search?hl=en&as_q=data+destruction+standards+laws&as_epq=&as_oq=&as_eq=&tbs=&num=100&lr=&as_filetype=&ft=i&as_sitesearch=&as_qdr=all&as_rights=&as_occt=any&cr=&as_nlo=&as_nhi=&safe=images

data destruction standards laws Georgia -
      
https://encrypted.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=data+destruction+standards+laws+georgia&btnG=Search

data destruction ("sarbanes oxley" OR hipaa)
      
https://encrypted.google.com/search?num=100&hl=en&lr=&as_qdr=all&sa=X&ei=XwE8TpXSL8m3twe6_umCAw&ved=0CCoQvwUoAQ&q=data+destruction+%28%22sarbanes+oxley%22+OR+hipaa%29&spell=1

data destruction certification
      
https://encrypted.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=data+destruction+certification&btnG=Search

data destruction service
      
https://encrypted.google.com/search?hl=en&as_q=data+destruction+service&as_epq=&as_oq=&as_eq=&tbs=&num=100&lr=&as_filetype=&ft=i&as_sitesearch=&as_qdr=all&as_rights=&as_occt=any&cr=&as_nlo=&as_nhi=&safe=images

data destruction service Georgia
      
https://encrypted.google.com/search?num=100&hl=en&lr=&as_qdr=all&q=data+destruction+service+georgia&btnG=Search

If I can find more data, I'll forward it along.  Good luck if you decide 
to proceed.  Just get all your technical and legal ducks in a row.  The 
flip side of data destruction is data retention.  There is a big market 
for that too, but is usually takes lots of capital to get into.

Sincerely,

Ron

On 8/5/2011 12:47 AM, Sparr wrote:
> I've recently come into possession of a large security disintegrator,
> designed for shredding things like hard drives and tapes and such. I'm
> trying to figure out what to do with it. Selling it is, of course, an
> option, but I was thinking of possibly starting up a small security
> business to destroy hard drives for people. Is there a market for that
> in Atlanta?
>
>    

-- 

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new messages very quickly.)

Ron Frazier

770-205-9422 (O)   Leave a message.
linuxdude AT c3energy.com



More information about the Ale mailing list