Data Security for Donated Devices
Donated machines often have personal data on the hard drive. This section describes the processes that Tech To All uses to destroy that data, keeping it secure for the donors.
1 - Secure custody.
All incoming material that may have donor data on it is placed in our locked cage. Only authorized personnel have access to the cage. These are volunteers who are removing items for provisioning, or accepting donations and placing them in the cage.
2 - Data destruction.
This is done via one of two methods.
2a - Electrical. If the drive powers up, we wipe it using a destructive testing process. We write zeros to all sectors of the drive using the GPL program badblocks. That securely overwrites the original data, destroying it. We then read back the data to ensure that it's all zeros. If it isn't, then the drive is bad, and we proceed to step 2b, physical destruction.
2b - Physical. If we can't wipe the data using electrical means, then we render the drive inoperable by physically damaging it with a rock hammer. This ensures that the platters can't rotate (mechanical drive), or that the flash memory chip(s) are destroyed (solid state drive).
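A read-back check of the kind step 2a describes, with the fallback to step 2b when it fails. This is an added example, not Tech To All's own tooling (the page's process uses badblocks); the function names and the constructed image files standing in for a drive are assumptions.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB per call


def scan_for_nonzero(path, chunk_size=CHUNK):
    """Read the whole target; return (first_nonzero_offset or None, bytes_read)."""
    offset = 0
    with open(path, "rb", buffering=0) as dev:
        while True:
            block = dev.read(chunk_size)
            if not block:  # end of device or image
                return None, offset
            if block.count(0) != len(block):
                # Leading zeros stripped, so the length difference is the index
                return offset + len(block) - len(block.lstrip(b"\x00")), offset + len(block)
            offset += len(block)


def verify_wipe(path):
    """Map the read-back result to step 2a (wiped) or step 2b (physical)."""
    try:
        bad, total = scan_for_nonzero(path)
    except OSError as exc:  # unreadable sector or vanished device
        return "physical", f"read error: {exc}"
    if total == 0:
        return "physical", "nothing could be read back"
    if bad is not None:
        return "physical", f"non-zero byte at offset {bad}"
    return "wiped", f"{total} bytes read back as zero"


def make_image(size, dirty_at=None):
    """Constructed sample: a zero-filled image, optionally with one stray byte."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(size))
        if dirty_at is not None:
            f.seek(dirty_at)
            f.write(b"\x5a")
    return path


if __name__ == "__main__":
    clean = make_image(3 * CHUNK)
    dirty = make_image(3 * CHUNK, dirty_at=2 * CHUNK + 17)
    for p in (clean, dirty):
        print(p, verify_wipe(p))
        os.remove(p)
```

Run against a real drive, the path would be the block device (placeholder: /dev/sdX) and the script needs read access to it. The check covers only the sectors the drive exposes to the host.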
3 - Not NAID certified.
These practices are a subset of what is recommended by the industry group NAID. However, we are not certified by them, as their inspection / auditing fees, certification fees, and personnel drug testing policies are not something that we are willing to take on at this point, given our business model. Nor do we have 24/7 remote video recording of the cage, although it is in a locked building.