Data Security & Destruction
Protecting your data is as important as protecting the environment. AK Recycling provides certified, documented data destruction for every type of storage media—with a chain of custody you can trust.
Why Data Security Matters in Electronics Recycling
When organizations retire old computers, servers, and storage devices, the data those devices contain remains until it is actively destroyed. Simply deleting files or reformatting a drive does not make data unrecoverable—forensic tools can retrieve data from drives that have been formatted or had their operating systems reinstalled. For organizations that handle sensitive customer information, financial records, health data, or proprietary business information, improperly disposed storage devices represent a significant security and compliance risk.
Data breaches involving discarded IT equipment have resulted in substantial regulatory fines, class action lawsuits, reputational damage, and harm to the individuals whose information was exposed. The risks are real and the consequences are significant. Proper data destruction—performed to documented standards and accompanied by verifiable certificates—is the responsible and compliant approach to IT asset disposition.
Data Security Quick Facts
- Formatting a drive does NOT erase data
- Deleted files remain recoverable until overwritten
- Failed drives may still yield data forensically
- SSDs require physical destruction, not degaussing
- HIPAA, SOX, GLBA, CCPA require documented disposal
- Certificates of Destruction satisfy audit requirements
- Chain of custody begins at your facility
- On-site destruction available for maximum security
Our Data Destruction Methods
Software Wiping
For functioning hard drives, we perform multi-pass overwriting in compliance with DoD 5220.22-M and NIST SP 800-88 guidelines. The drive is overwritten with random data in multiple passes, rendering the original data unrecoverable. This method allows the drive to be reused, which has environmental and economic benefits when appropriate.
Applicable to: Functioning HDDs
Standard: DoD 5220.22-M / NIST SP 800-88
Degaussing
Our industrial degausser generates a powerful magnetic field that permanently randomizes the magnetic patterns in which data is stored on magnetic media. Degaussed drives are permanently non-functional and cannot be reused. The process is fast, effective, and verifiable. Note: degaussing is not effective on solid-state storage and should not be used for SSDs or USB drives.
Applicable to: Magnetic HDDs, tape media
Result: Permanently non-functional
Physical Shredding
Industrial shredders reduce hard drives, SSDs, USB drives, and other storage media to fragments of less than two inches, making data recovery physically impossible. This is the most absolute form of data destruction and is appropriate for all media types, for non-functional drives, and for the highest security requirements. Serial numbers are recorded before destruction.
Applicable to: All storage media types
Security level: Absolute
Compliance Framework Coverage
AK Recycling's data destruction services and documentation are designed to support compliance with major regulatory frameworks.
| Regulation | Industry | Key Requirement | How We Help |
|---|---|---|---|
| HIPAA | Healthcare | ePHI rendered unreadable at disposal | Certified destruction + COD documentation |
| SOX | Public companies | Financial records properly disposed and documented | Documented chain of custody + COD |
| GLBA | Financial institutions | Customer financial data properly disposed | Certified destruction + COD documentation |
| CCPA | CA businesses with consumer data | Demonstrate data deletion on request | Certified destruction + verifiable COD |
| GDPR | EU data processors | Right to erasure, documented deletion | Certified destruction + COD documentation |
| FACTA | Consumer data holders | Proper disposal of consumer report information | Certified destruction + COD documentation |
| DoD 5220.22-M | Defense contractors | Multi-pass overwrite for sensitive media | Compliant wiping procedures + COD |
| NIST SP 800-88 | Government & broader | Media sanitization guidelines | NIST-compliant methods + documentation |
Chain of Custody Process
- Intake & Logging
When storage devices arrive at our facility—either dropped off or collected via pickup—each device is individually logged. We record the type of device, make, model, and serial number where available. An intake receipt documents what was received and when.
- Secure Storage
Drives awaiting destruction are stored in secured, access-controlled areas of our facility. Devices are not commingled with general material streams and are not processed through any other operation before destruction is confirmed.
- Destruction
Destruction is performed by trained technicians using the appropriate method for the media type and the customer's requirements. The destruction event is documented, including the date, method, quantity, and technician identifier.
- Certificate Issuance
A Certificate of Data Destruction is prepared identifying the destroyed devices, the destruction method, the date, and the authorizing technician. This certificate is signed and provided to the customer in digital format.
- Material Recycling
After destruction, the physical remnants of storage devices—aluminum, steel, electronic components—are recycled through our normal material streams. Even the physical materials are handled responsibly through certified downstream processors.
Storage Devices We Accept for Destruction
Hard Drives & Solid State
- Desktop and laptop hard disk drives (HDD)
- Solid-state drives (SSD) — 2.5", M.2, PCIe
- Enterprise and server hard drives
- NAS and SAN drives
- External hard drives
- USB flash drives and thumb drives
- SD cards and memory cards
Magnetic & Optical Media
- Magnetic tape cartridges (LTO, DLT, DAT)
- Floppy disks
- Zip and Jaz disks
- CDs, DVDs, Blu-ray discs (with data)
- Backup tape media
Mobile & Embedded Storage
- Smartphone and tablet storage
- Embedded flash storage in devices
- eMMC storage modules
- Network equipment with flash storage
- Copier and printer hard drives
Specialty Media
- Server rack storage arrays
- RAID array drives
- Medical imaging storage devices
- Financial terminal storage
- POS system storage
Don't see your media type? Call us at 323.581.5700 and we will advise you on the appropriate destruction method for your specific media.
Frequently Asked Questions
These three data destruction methods differ in their mechanism, applicability, and the level of assurance they provide. Understanding the differences helps organizations choose the right method for their specific requirements.
Software-based wiping—also called overwriting or sanitization—uses software to overwrite all data on a storage device with random or patterned data, rendering the original data unreadable. This process can be applied to functioning hard drives and is reversible in the sense that the drive remains functional after wiping and can be reused. Wiping is efficient for large volumes of functioning drives and is appropriate for many use cases. The DoD 5220.22-M standard specifies a multi-pass overwrite pattern, and NIST SP 800-88 provides guidance on when wiping is sufficient versus when physical destruction is required.
Degaussing uses a powerful magnetic field to randomize the magnetic domains in which data is stored on magnetic media, effectively erasing the drive. Degaussing permanently destroys the drive's servo tracks and other low-level structures, rendering it non-functional—a degaussed drive cannot be reused. Degaussing is fast and effective for magnetic hard drives and tape media. However, it is completely ineffective on solid-state drives (SSDs), USB drives, and other flash-based media, which do not use magnetic storage. For those media types, physical destruction is required.
Physical shredding uses industrial equipment to reduce a drive to small fragments—typically less than two inches—that cannot be reassembled. Shredding is the most absolute form of destruction and is appropriate for the highest security requirements, for non-functional drives that cannot be wiped, and for SSDs and other non-magnetic media. Shredded drives cannot be reused, but the materials—aluminum, steel, electronic components—can be recycled. AK Recycling provides certificates of destruction for all shredded drives with details of what was destroyed and when.
The appropriate data destruction method depends on the sensitivity of the data involved, your organization's security policies, applicable regulatory requirements, and practical considerations like drive functionality and volume. AK Recycling can help you evaluate these factors and recommend the right approach.
For most business computers retiring after a typical IT lifecycle—devices that contained general business data, employee records, or customer information—certified software wiping to DoD or NIST standards provides an appropriate level of assurance. The drives can potentially be reused after wiping, which has environmental and economic benefits. If your organization can provide documentation that drives were wiped before delivery to us, we will note that in our documentation. If you prefer we perform the wiping, we can do so and provide a certificate.
For organizations in regulated industries—healthcare under HIPAA, financial institutions under SOX and GLBA, companies holding sensitive personal data under CCPA or GDPR—physical destruction of drives containing the most sensitive categories of data is often the most prudent approach, regardless of whether the drives could theoretically be wiped. Physical destruction eliminates any possibility of data recovery and provides the highest level of documented assurance. Many compliance frameworks specifically recommend or require physical destruction for certain categories of regulated data.
For non-functional drives—drives that have failed and cannot be accessed for wiping—physical shredding is the only reliable path to data destruction. If a drive cannot spin up and accept write commands, software wiping cannot be performed, regardless of the drive's data contents. Organizations should never assume that a failed drive is safe from data recovery; forensic tools can sometimes recover data from drives with significant physical damage. Only physical shredding eliminates this possibility.
A Certificate of Data Destruction (also called a Certificate of Destruction or COD) is a formal document that provides written verification that specific data-bearing devices were destroyed in accordance with documented standards and procedures. This certificate serves as your organization's evidence of compliance with data protection regulations and your internal security policies.
AK Recycling's Certificate of Data Destruction includes the date destruction was performed, the method of destruction used (e.g., DoD 5220.22-M wipe, degauss, or shredding), an identification of the devices destroyed (by type, make, model, and serial number where available), the quantity of devices destroyed, and the signature of an authorized AK Recycling technician attesting to the destruction. For in-facility destruction, we also note the facility location.
This documentation is designed to satisfy the record-keeping requirements of major regulatory frameworks. Healthcare organizations covered by HIPAA are required to maintain documentation of the disposal of protected health information (PHI), including the means of disposal. Financial institutions subject to SOX, GLBA, and SEC regulations must maintain records of how they disposed of records containing customer financial information. Companies subject to CCPA and GDPR must be able to demonstrate compliance with data deletion requirements.
Many of our business customers maintain these certificates in their permanent compliance files. Some include them in annual reports to their boards, use them in vendor qualification documentation, or provide them in response to regulatory examinations. We provide certificates in digital format, typically within a few business days of the destruction event. If you need certificates on a specific timeline to meet a compliance deadline, please let us know and we will prioritize accordingly.
Yes, AK Recycling offers on-site data destruction services at your facility for organizations that require it. On-site destruction—where hard drives and other storage media are physically destroyed at your location while you or your authorized representative witness the process—provides the highest level of assurance for highly sensitive data environments. When the drives never leave your facility intact, there is no possibility of a chain-of-custody breach during transit.
Our mobile shredding service deploys our destruction equipment directly to your location. Your IT staff or security officer can observe the destruction process and confirm that specific drives were destroyed. We document the destruction on-site, capturing serial numbers and other identifying information before destruction. The Certificate of Data Destruction we provide for on-site jobs specifies the location where destruction occurred—your facility—which is sometimes required for the highest security frameworks.
On-site destruction is particularly valued by government agencies, defense contractors, financial institutions, law firms, healthcare organizations, and other entities whose data sensitivity or security policies require visible chain of custody throughout the destruction process. It eliminates the question of what might happen during transit to an off-site facility.
For organizations that prefer in-facility destruction—where we collect the drives and destroy them at our Los Angeles facility—we maintain strict chain of custody from pickup through destruction. All drives are kept secure in locked containers during transport, logged upon arrival, and destroyed in documented, supervised destruction events. In-facility destruction is documented with the same certificate of destruction. Both on-site and in-facility options are available; please call us at 323.581.5700 to discuss which approach best fits your requirements.
Data destruction compliance under major regulatory frameworks is a matter of both having the right processes and being able to document them. Regulations like HIPAA, SOX, GLBA, CCPA, and GDPR do not typically specify a particular destruction method in fine detail, but they do require that organizations take appropriate measures to protect regulated data through its entire lifecycle, including at the point of disposal, and that they maintain records demonstrating compliance.
HIPAA, the Health Insurance Portability and Accountability Act, requires covered healthcare entities and their business associates to implement policies and procedures to address the final disposition of electronic protected health information (ePHI) and the hardware or electronic media on which it is stored. The HIPAA Security Rule's implementation specification for media disposal requires that ePHI be rendered "unreadable, indecipherable, and otherwise cannot be reconstructed." AK Recycling's certified destruction methods satisfy this requirement, and our documentation is designed to support HIPAA compliance records.
The Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA) impose records retention and destruction requirements on public companies and financial institutions, respectively. These frameworks require that records be properly disposed of when no longer needed and that disposal be documented. Our destruction certificates provide the documentation these frameworks require.
California's Consumer Privacy Act (CCPA) and the European Union's General Data Protection Regulation (GDPR) impose obligations around the deletion and destruction of personal data. When consumers exercise their right to deletion, organizations must be able to demonstrate that the data has actually been deleted—including from backup media and decommissioned hardware. Our data destruction services and documentation support compliance with these requirements. If your organization has specific compliance questions, we recommend consulting with your legal or compliance counsel, and we are happy to provide information about our processes that your counsel can evaluate.