How secure are my files after encrypting them?

east-tec InvisibleSecrets uses government-grade 256-bit AES (also known as Rijndael) on-the-fly encryption to encrypt and protect your data. AES is one of the most thoroughly analysed and trusted encryption algorithms available, so files encrypted with it are highly secure. The product also supports other industry-standard algorithms, such as 256-bit Blowfish, which is likewise a highly secure method of protecting your sensitive files.

How many sanitizations/licenses of east-tec DisposeSecure should I buy in order to erase all hard disks connected to a computer/server?

A single sanitization allows you to erase 1 (one) entire hard disk or partition a single time. If the computer has 5 hard disks attached, you need 5 sanitizations. If the computer has 1 hard drive and you want to sanitize it 5 times, you also need 5 sanitizations. Therefore, it is important to know the number of hard disks you want to completely erase and the number of times you want to erase each hard disk.

Does east-tec DisposeSecure comply with regulations regarding Privacy Laws?

Yes, east-tec DisposeSecure is compliant with the relevant data erasure regulations. Data erasure is a general obligation that data controllers (companies, government departments, voluntary organisations, or even individuals such as GPs, pharmacists or sole traders) must satisfy, in compliance with international data security standards and directives, under certain conditions: for instance before they dispose of IT assets, or when personal data they store has become obsolete or is no longer needed for the purpose it was collected for. Personal data is data that identifies a person, and it may include the full name, social security number, etc.

Below we list the most important regulations, summarise their content, highlight how east-tec DisposeSecure can help you comply with them, and mention the consequences of non-compliance in the USA, Canada, Japan, Australia and Europe. It is very important to be fully aware of the possible outcomes of non-compliance: beyond the penalty figures given below, negligent data handling and erasure have numerous other destructive long-term impacts, including loss of business reputation, loss of sales revenue, identity theft, data leaks, loss of investor trust and, most severe of all, serving time in prison. Let us start with a list of the most important international regulations:

  • Sarbanes Oxley Act
  • The Gramm-Leach-Bliley Act Section 501
  • Fair and Accurate Credit Transactions Act of 2003 (FACTA) Section 216
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Fair Credit Reporting Act (Credit Reporting Industry)
  • NJ Assembly Bill A-1238
  • ISO 27001
  • ISO 15408
  • PCI DSS
  • WEEE Directive
  • UK Data Protection Act 1998
  • Federal Data Protection Act 2001 Germany
  • Personal Data Act 1998 Sweden
  • Data Protection Law 1978 France
  • The Personal Information Protection Act (JPIPA) Japan
  • Privacy Act 1988 Australia
  • Personal Information Protection and Electronic Documents Act (PIPEDA) Canada

And now a summary of each regulation that applies to data controllers. Data controllers are those who, either alone or with others, control the contents and use of personal data. Data controllers can be legal entities such as companies, government departments or voluntary organisations, or individuals such as GPs, pharmacists or sole traders.

USA Regulations

  • Sarbanes-Oxley Act (Corporate Auditing and Reporting Practices) requires companies to establish internal controls and procedures for financial reporting. This means that the confidentiality and security of information are crucial foundations of compliance. Such procedures would include managing the financial and privacy data of customers, partners and employees. Data management should therefore include a data destruction practice that addresses sensitive information stored on servers, hard drives and USB drives when hardware is disposed of, when data becomes obsolete, or when data is no longer allowed to be stored. east-tec DisposeSecure allows you to erase hard drives, or any other external device connected to your computer, removing data beyond forensic recovery. Detailed wiping reports are provided after the procedure to prove to auditors that a data destruction practice is maintained. Consequences of non-compliance include: loss of exchange listing, loss of D&O (directors' and officers' liability) insurance and loss of investor trust; any CEO or CFO found guilty of submitting a wrong certification is subject to a fine of up to $1 million and imprisonment for up to ten years, and in case of willful violation the fine can be increased to up to $5 million and the prison term to up to twenty years.
  • The Gramm-Leach-Bliley Act Section 501 (Financial Services Modernization Act) is one of the most stringent regulations regarding the protection of customers' personal financial information held by financial institutions. Its Section 501 requires financial institutions to guarantee the security and confidentiality of customer information. east-tec DisposeSecure helps you comply with this regulation by destroying customer data that is no longer needed or has become obsolete, and by destroying customer data stored on hardware you intend to dispose of (computer, hard drive, media, USB drive, etc.). Consequences of non-compliance include: penalties of up to $10,000 per violation for officers and directors, penalties of up to $100,000 per violation for the financial institution, and imprisonment for up to five years.
  • Fair and Accurate Credit Transactions Act of 2003 (FACTA) Section 216 requires companies, financial institutions and business owners who maintain or possess consumer data for business purposes to properly dispose of that information. east-tec DisposeSecure allows you to erase hard drives, or any other external hard disk and removable devices connected to your computer, removing data beyond forensic recovery. Consequences of non-compliance: civil actions by the individuals affected, with liability for possible punitive damages and attorney fees.
  • Health Insurance Portability and Accountability Act (HIPAA) requires organizations that store and transmit Protected Health Information (PHI) to properly dispose of the data stored in electronic format on any hardware. east-tec DisposeSecure helps you comply with this regulation by irrecoverably erasing data from hard drives or from any external hard disk connected to your computer. Consequences of non-compliance include: penalties of $100 to $50,000 or more per violation.
  • Fair Credit Reporting Act (Credit Reporting Industry). Its Disposal Rule requires businesses and individuals to properly dispose of consumer records and sensitive information obtained from consumer reports. The Rule applies to individuals and to both large and small organizations that use consumer reports, including: consumer reporting companies, lenders, insurers, employers, landlords, government agencies, mortgage brokers, car dealers, attorneys, private investigators, debt collectors, individuals who pull consumer reports on prospective home employees such as nannies or contractors, and entities that maintain information from consumer reports as part of their role as a service provider to other organizations covered by the Rule. east-tec DisposeSecure helps you comply with this regulation by permanently erasing sensitive data stored on your hard drives or on any external hard disk and removable devices connected to the computer. Consequences of non-compliance: a penalty of $100 to $1,000, plus attorney fees and possible punitive damages.
  • NJ Assembly Bill A-1238 requires the destruction of records stored on digital copy machines and scanners before the devices change hands. east-tec DisposeSecure helps you comply with this regulation by destroying data stored on any removable device connected to your computer beyond recovery. Consequences of non-compliance: a fine of up to $2,500 for the first offence and $5,000 for subsequent offences.

Regulations outside of the USA

  • UK Data Protection Act 1998. Data Protection Principle 5 states that ‘Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’. Furthermore, Principle 7 states that ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’. These clearly express that data destruction is necessary when data is no longer needed for a particular purpose, and that data must be protected from falling into the wrong hands, for instance by ensuring that no personal data is left on IT assets before they are disposed of or change hands. east-tec DisposeSecure helps you comply with this regulation by securely erasing your hard drives and other removable devices connected to your computer. Consequences of non-compliance: fines of up to £500,000.
  • Federal Data Protection Act 2001 Germany. Its Section 35 states the conditions under which data must be securely erased, for instance when storing it is no longer needed for the purpose it was collected for. east-tec DisposeSecure helps you comply with this regulation by securely erasing your hard drives, or any external hard disk connected to your computer. Consequences of non-compliance include: a fine of €300,000 for each instance of unlawful processing of personal data.
  • Personal Data Act 1998 Sweden. Its Section 9/h and i state: ‘all reasonable measures are taken to correct, block or erase such personal data as is incorrect or incomplete having regard to the purposes of the processing’ and ‘personal data is not kept for a longer period than that as is necessary having regard to the purpose of the processing’. These statements clearly indicate that secure data erasure practices need to be maintained by those who process and store data. DisposeSecure helps you comply with this regulation by securely erasing your hard drives, or any device connected to your computer, that store data no longer needed or no longer allowed to be kept. Consequences of non-compliance include: paying damages to the data subject; the data controller can also be subject to a fine or to imprisonment of up to two years.
  • Data Protection Law 1978 France. Its Article 6/4 states, regarding data handling, that ‘appropriate steps shall be taken in order to delete and rectify data that are inaccurate and incomplete with regard to the purposes for which they are obtained and processed’. east-tec DisposeSecure helps you comply with this regulation by securely erasing your hard drives, or any device connected to your computer that stores obsolete data, or data that is not allowed to be kept. Consequences of non-compliance include: 5 years' imprisonment and/or a €300,000 fine.
  • The Personal Information Protection Act (JPIPA), Japan. Its Security Control Measure section states: ‘The Entity shall take necessary and appropriate measures to prevent the loss, destruction, damage, or unauthorized disclosure of the Personal Data and shall take other measures to ensure the secure management of Personal Data (Article 20). Such security control measures include organizational, personnel, physical, and technical security control measures’. According to that statement, data erasure is necessary, for instance, before hardware storing that data (PCs, USB media, etc.) is disposed of or changes hands. DisposeSecure helps you comply with this regulation by securely erasing your hard drives, or any device connected to your computer that stores obsolete data, or data that is not allowed to be kept. Consequences of non-compliance include: persons who violate PIPA can face criminal penalties of up to six months in prison and civil penalties of up to ¥300,000.
  • Privacy Act 1988 Australia. Its Information Privacy Principle 4 states that ‘personal information must be stored securely to prevent its loss or misuse’. It is therefore the data controller’s responsibility to ensure that personal information does not fall into unauthorized hands, for instance when IT assets that store that data are disposed of or change hands. DisposeSecure helps you comply with this regulation by securely erasing your hard drives, or any external hard disk connected to your computer, that contain the data in question. Consequences of non-compliance include: civil legal action, payment of damages of not less than $1,000 to the data subject, and payment of attorney fees.
  • Personal Information Protection and Electronic Documents Act (PIPEDA), Canada, states: ‘Protect personal information against loss or theft; safeguard the information from unauthorized access, disclosure, copying, use or modification’. It is therefore the data controller's responsibility to ensure that personal information does not fall into unauthorized hands, for instance when IT assets that store the data in question are disposed of or change hands. DisposeSecure helps you comply with this regulation by securely erasing your hard drives, or any external hard disk connected to your computer. Consequences of non-compliance include: fines of up to $100,000, depending on the severity of the breach or non-compliance.
  • ISO 27001, ISO 15408, PCI DSS and European Union Directives require secure data removal, meaning unrecoverable erasure of data from hard drives or from any media that contain personal data. east-tec DisposeSecure helps you comply with these regulations by erasing data stored on your hard drives, or on any hard disk connected to your computer, beyond recovery.
  • WEEE Directive regulates the proper handling of electronic waste. east-tec DisposeSecure helps you comply with this directive, as sanitised (erased) hard drives are ready for reuse, supporting green recycling.

What industry standards for data removal does east-tec DisposeSecure comply with?

east-tec DisposeSecure offers wiping methods that defeat both software-based and hardware-based recovery tools. Defeating software recovery tools usually requires a single overwrite pass; defeating hardware recovery tools requires more passes.

The software comes with 9 built-in erasing options that comply with industry standards; the list is given below. In addition, east-tec DisposeSecure offers faster wiping options with only one or two passes, but these are only safe against software recovery tools.

As mentioned earlier, you can also create your own custom wipe methods if you prefer, thanks to east-tec DisposeSecure’s open architecture.

Here is the list of the built-in wiping methods:

  • Peter Gutmann (35 passes)
  • Bruce Schneier
  • US Naval Information Systems Management Center: NAVSO P-5239-26 (RLL)
  • US Naval Information Systems Management Center: NAVSO P-5239-26 (MFM)
  • US Air Force System Security Instruction 5020: AFSSI-5020
  • Russian Federation – Federal Agency on Technical Regulating and Metrology: GOST P50739-95
  • The German Federal Office for IT Security: German VSITR, etc.

A detailed description of each wiping method is provided separately.

Can east-tec DisposeSecure provide a detailed report of the sanitization process?

Yes, east-tec DisposeSecure provides an option to generate a log (report) file of the sanitizing process, one for each drive that is sanitized.

Moreover, when sanitizing over the network, the log files are generated and sent over the network to the computer (server) where east-tec DisposeSecure is installed. The log contains information about the drive, the time and date of sanitizing, any errors that occurred while sanitizing, etc.

There is also an option to generate US Department of Defense log files. In this case, east-tec DisposeSecure additionally logs the extra information required by US Department of Defense standards, including the exact contents of any sector that could not be sanitized.
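To make the two preceding answers concrete (multi-pass overwriting as the basis of the wiping methods, and a per-drive report that records errors and the residual contents of unsanitized sectors), here is an added example that is not east-tec code and does not implement any of the listed standards. It models a small drive in memory as 512-byte sectors, applies a constructed three-pass scheme (0x00, 0xFF, random) with read-back verification, and simulates one sector that rejects writes so the report has something to record; the `SimulatedDrive` class, the pass sequence and the report layout are all assumptions made for the example.

```python
"""Simulated multi-pass sanitization with a sector-level report.

Added example; not east-tec code. The three-pass scheme (0x00, 0xFF,
random) and the in-memory drive are constructed for illustration only.
"""
import datetime
import os

SECTOR_SIZE = 512


class SimulatedDrive:
    """In-memory stand-in for a block device (constructed for the demo)."""

    def __init__(self, label, sector_count, bad_sectors=()):
        self.label = label
        # Pre-existing "user data": random bytes in every sector.
        self.sectors = [os.urandom(SECTOR_SIZE) for _ in range(sector_count)]
        self.bad_sectors = set(bad_sectors)

    def read(self, lba):
        return self.sectors[lba]

    def write(self, lba, data):
        # Sectors listed in bad_sectors simulate a physical write failure.
        if lba in self.bad_sectors:
            raise IOError(f"write failed at LBA {lba}")
        self.sectors[lba] = bytes(data)


# Constructed pass sequence: two fixed patterns, then random data.
PASSES = (
    ("0x00", lambda: b"\x00" * SECTOR_SIZE),
    ("0xFF", lambda: b"\xff" * SECTOR_SIZE),
    ("random", lambda: os.urandom(SECTOR_SIZE)),
)


def _now():
    return datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds")


def sanitize(drive):
    """Overwrite every sector in each pass, reading back to verify.

    Returns a report dict. Sectors that failed in any pass are listed in
    report["unsanitized"] together with the bytes still present on them.
    """
    report = {
        "drive": drive.label,
        "sector_count": len(drive.sectors),
        "sector_size": SECTOR_SIZE,
        "started": _now(),
        "passes": [],
        "errors": [],
        "unsanitized": {},
    }
    failed_lbas = set()
    for name, pattern in PASSES:
        failures = 0
        for lba in range(len(drive.sectors)):
            data = pattern()
            try:
                drive.write(lba, data)
                # Read-back verification: the pattern must actually be on disk.
                if drive.read(lba) != data:
                    raise IOError(f"verify mismatch at LBA {lba}")
            except IOError as exc:
                failures += 1
                failed_lbas.add(lba)
                report["errors"].append(f"pass {name}: {exc}")
        report["passes"].append({"pattern": name, "failed_sectors": failures})
    # Record the exact residual contents of anything that could not be wiped.
    for lba in sorted(failed_lbas):
        report["unsanitized"][lba] = drive.read(lba).hex()
    report["finished"] = _now()
    report["status"] = "complete" if not failed_lbas else "incomplete"
    return report


def render_report(report):
    """Plain-text rendering of the report, one finding per line."""
    lines = [
        f"Drive: {report['drive']} ({report['sector_count']} x {report['sector_size']}-byte sectors)",
        f"Started:  {report['started']}",
        f"Finished: {report['finished']}",
        f"Status:   {report['status']}",
    ]
    for p in report["passes"]:
        lines.append(f"Pass {p['pattern']}: {p['failed_sectors']} failed sector(s)")
    for err in report["errors"]:
        lines.append(f"Error: {err}")
    for lba, contents in report["unsanitized"].items():
        lines.append(f"Unsanitized LBA {lba}: {contents}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Eight-sector demo drive whose LBA 3 refuses every write.
    drive = SimulatedDrive("demo-disk-0", sector_count=8, bad_sectors={3})
    print(render_report(sanitize(drive)))
```

The design point worth noting is that verification happens per write rather than as a final sweep: with a random final pass there is nothing to compare a later sweep against, and a read-back immediately after each write is what lets the report attribute a failure to a specific pass and LBA. Whatever survives on a sector that rejected every pass is exactly what a later examiner could recover, which is why the report records it verbatim rather than only counting it.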