ISBN-13: 9781119866169 / English / Paperback / 2022 / 250 pp.
Foreword
Introduction

Chapter 1 End of Life for Data
1.1 Growth of Data
1.2 Managing Data
1.2.1 Discovery
1.2.2 Classification
1.2.3 Risk
1.3 Data Loss
1.3.1 Accidental
1.3.2 Theft
1.3.3 Dumpster Diving
1.4 Encryption
1.5 Data Discovery
1.6 Regulations
1.7 Security
1.8 Legal Discovery
1.9 Data Sanitization
1.10 Ecological and Economic Considerations
1.10.1 Ecological
1.10.2 Economic
1.11 Summary: Proactive Risk Reduction and Reactive End of Life

Chapter 2 Where Are We, and How Did We Get Here?
2.1 Digital Data Storage
2.2 Erasing Magnetic Media
2.3 History of Data Erasure
2.3.1 The Beginnings of Commercial Data Erasure
2.3.2 Darik's Boot and Nuke (DBAN)
2.4 Summary

Chapter 3 Data Sanitization Technology
3.1 Shredding
3.2 Degaussing
3.3 Overwriting
3.4 Crypto-Erase
3.5 Erasing Solid-State Drives
3.6 Bad Blocks
3.7 Data Forensics
3.8 Summary

Chapter 4 Information Lifecycle Management
4.1 Information Lifecycle Management vs. Data Lifecycle Management
4.2 Information Lifecycle Management
4.2.1 Lifecycle Stages
4.3 Data Security Lifecycle
4.3.1 Stages for Data Security Lifecycle
4.4 Data Hygiene
4.5 Data Sanitization
4.5.1 Physical Destruction
4.5.2 Cryptographic Erasure
4.5.3 Data Erasure
4.6 Summary

Chapter 5 Regulatory Requirements
5.1 Frameworks
5.1.1 NIST Cybersecurity Framework Applied to Data
5.2 Regulations
5.2.1 GDPR
5.2.1.1 The Right to Erasure
5.2.1.2 Data Retention
5.2.2 HIPAA Security Rule Subpart c
5.2.3 PCI DSS V3.2 Payment Card Industry Requirements
5.2.4 Sarbanes-Oxley
5.2.5 Saudi Arabian Monetary Authority Payment Services Regulations
5.2.6 New York State Cybersecurity Requirements of Financial Services Companies 23 NYCRR 500
5.2.7 Philippines Data Privacy Act 2012
5.2.8 Singapore Personal Data Protection Act 2012
5.2.9 Gramm-Leach-Bliley Act
5.3 Standards
5.3.1 ISO 27000 and Family
5.3.2 NIST SP 800-88
5.4 Summary

Chapter 6 New Standards
6.1 IEEE P2883 Draft Standard for Sanitizing Storage
6.1.1 Data Sanitization
6.1.2 Storage Sanitization
6.1.3 Media Sanitization
6.1.4 Clear
6.1.5 Purge
6.1.6 Destruct
6.2 Updated ISO/IEC CD 27040 Information Technology Security Techniques - Storage Security
6.3 Summary

Chapter 7 Asset Lifecycle Management
7.1 Data Sanitization Program
7.2 Laptops and Desktops
7.3 Servers and Network Gear
7.3.1 Edge Computing
7.4 Mobile Devices
7.4.1 Crypto-Erase
7.4.2 Mobile Phone Processing
7.4.3 Enterprise Data Erasure for Mobile Devices
7.4.3.1 Bring Your Own Device
7.4.3.2 Corporate-Issued Devices
7.5 Internet of Things: Unconventional Computing Devices
7.5.1 Printers and Scanners
7.5.2 Landline Phones
7.5.3 Industrial Control Systems
7.5.4 HVAC Controls
7.5.5 Medical Devices
7.6 Automobiles
7.6.1 Off-Lease Vehicles
7.6.2 Used Vehicle Market
7.6.3 Sanitization of Automobiles
7.7 Summary

Chapter 8 Asset Disposition
8.1 Contracting and Managing Your ITAD
8.2 ITAD Operations
8.3 Sustainability and Green Tech
8.4 Contribution from R2
8.4.1 Tracking Throughput
8.4.2 Data Security
8.5 e-Stewards Standard for Responsible Recycling and Reuse of Electronic Equipment
8.6 i-SIGMA
8.7 FACTA
8.8 Summary

Chapter 9 Stories from the Field
9.1 3stepIT
9.2 TES - IT Lifecycle Solutions
9.2.1 Scale of Operations
9.2.2 Compliance
9.2.3 Conclusion
9.3 Ingram Micro
9.4 Summary

Chapter 10 Data Center Operations
10.1 Return Material Allowances
10.2 NAS
10.3 Logical Drives
10.4 Rack-Mounted Hard Drives
10.5 Summary

Chapter 11 Sanitizing Files
11.1 Avoid Confusion with CDR
11.2 Erasing Files
11.3 When to Sanitize Files
11.4 Sanitizing Files
11.5 Summary

Chapter 12 Cloud Data Sanitization
12.1 User Responsibility vs. Cloud Provider Responsibility
12.2 Attacks Against Cloud Data
12.3 Cloud Encryption
12.4 Data Sanitization for the Cloud
12.5 Summary

Chapter 13 Data Sanitization and Information Lifecycle Management
13.1 The Data Sanitization Team
13.2 Identifying Data
13.3 Data Sanitization Policy
13.3.1 Deploy Technology
13.3.2 Working with DevOps
13.3.3 Working with Data Security
13.3.4 Working with the Legal Team
13.3.5 Changes
13.4 Summary

Chapter 14 How Not to Destroy Data
14.1 Drilling
14.1.1 Nail Gun
14.1.2 Gun
14.2 Acids and Other Solvents
14.3 Heating
14.4 Incineration
14.5 Street Rollers
14.6 Ice Shaving Machines

Chapter 15 The Future of Data Sanitization
15.1 Advances in Solid-State Drives
15.2 Shingled Magnetic Recording
15.3 Thermally Assisted Magnetic Recording, Also Known as Heat-Assisted Magnetic Recording
15.4 Microwave-Assisted Magnetic Recording
15.5 DNA Data Storage
15.6 Holographic Storage
15.7 Quantum Storage
15.8 NVIDMM
15.9 Summary

Chapter 16 Conclusion

Appendix Enterprise Data Sanitization Policy
Introduction
Intended Audience
Purpose of Policy
General Data Hygiene and Data Retention
Data Spillage
Handling Files Classified as Confidential
Data Migration
End of Life for Classified Virtual Machines
On Customer's Demand
Seven Steps to Creating a Data Sanitization Process
Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
Step 7: Implement Action Plan
Data Sanitization Defined
Physical Destruction
Degaussing
Pros and Cons of Physical Destruction
Cryptographic Erasure (Crypto-Erase)
Pros and Cons of Cryptographic Erasure
Data Erasure
Pros and Cons of Data Erasure
Equipment Details
Asset Lifecycle Procedures
Suggested Process, In Short
Create Contract Language for Third Parties
Data Erasure Procedures
Responsibility
Validation of Data Erasure Software and Equipment
Personal Computers
Servers and Server Storage Systems
Photocopiers, Network Printers, and Fax Machines
Mobile Phones, Smartphones, and Tablets
Point-of-Sale Equipment
Virtual Machines
Removable Solid-State Memory Devices (USB Flash Drives, SD Cards)
CDs, DVDs, and Optical Discs
Backup Tape
General Requirements for Full Implementation
Procedure for Partners and Suppliers
Audit Trail Requirement
Policy Ownership
Mandatory Revisions
Roles and Responsibilities
CEO
Board of Directors

Index

RICHARD STIENNON is a renowned cybersecurity industry analyst. He has held executive roles with Gartner, Webroot Software, Fortinet, and Blancco Technology Group. He was a member of the Technical Advisory Committee of the Responsible Recycling standard.

RUSS B. ERNST has over twenty years' experience in product strategy and management and is frequently sought for comment on issues related to data security in the circular economy. As Chief Technology Officer at Blancco Technology Group, he is responsible for defining, driving and executing the product strategy across the entire Blancco data erasure and device diagnostics product suite.

FREDRIK FORSLUND has over 20 years' experience in the data sanitization industry. He is the Director of the International Data Sanitization Consortium (IDSC) and is a sought-after speaker on topics related to IT security and data protection.