Collecting and Protecting an Intangible Asset – Personally Identifiable Information

In 2023, Meta, the largest social media platform, was fined a record $1.3 billion for not complying with European Union data protection rules. Such a hefty fine exemplifies the legal consequences of mishandling Personally Identifiable Information (PII) and the rising value of this intangible asset. 

While PII cannot be used or exchanged as currency, it is a growing asset and responsibility for companies. Properly collecting and disposing of data are some of the major obstacles when managing PII. According to the U.S. Department of Labor, PII can be information that permits the identity of an individual to whom the information applies to be reasonably inferred by direct or indirect means. Examples of this information are name, address, social security number, telephone number, email address, etc. Such a wide range of information increases the difficulty of creating a one-size-fits-all policy. 

In the U.S., there isn’t a single policy like the General Data Protection Regulation (GDPR), but instead a mix of laws such as HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA. These laws are designed to target different types of data and apply to different industries. Despite this complexity, most midsize and large companies practice common processes for Data Destruction, which include handling sensitive data and PII. 

Data destruction can be accomplished through data cleansing or physical hard drive destruction. Data cleansing involves removing all sensitive data from a device, leaving the device in working condition, and maximizing its resale value – also known as refurbished units. Data Cleansing is done through:

  • DOD, a multiple-pass U.S. Department of Defense Specification, and the most comprehensive and secure data cleansing method. 
  • One-pass overwrite of the entire hard drive, a sufficient method for solid-state hard drives that avoids damaging the drive. 

When data cleansing is not possible, physical hard drive destruction services are the best solution to protect your organization. Secure and certified hard drive destruction services remove and destroy the hard drive to physically eliminate data. Hard drive shredding is the process of demolishing non-working drives with a portable or onsite hard drive shredder. Once the hard drives are destroyed, industrial hardware shredders recycle the remaining metals and circuit board materials, ensuring that all private and confidential information is gone for good. 

Avoiding unreasonable fines and reputation damage is essential for companies nowadays. This is why working with well-established ITAD companies like CDR Global is the most secure and reasonable option for managing data destruction. As we head into the future, understanding the legal requirements for handling and disposing of PII or sensitive data will become a normal part of all businesses. 


See how our team is serving clients and making impacts in the ITAD industry.
  • Case Studies

    Case Study: How Two School Districts Turned Retired IT Assets into Revenue with CDR Global

  • Solutions

    The Importance of Cyber Security Awareness Training

We want to provide you with the solutions needed to get the job done.