You can buy a big degausser. 
Looks like a large-size microwave.
Zap the disks before returning them.

I think your hardware contract costs more because of that, but it's
probably cheaper than a lawsuit!



-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Lamb, Charles P.
Sent: Friday, January 26, 2007 11:07 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Disposition of Failed Storage Devices

Hi............

Our IT management is looking at implementing a process for disposition
of failed storage devices. We have a hardware contract with both IBM and
EMC.  Our IT management is not sure that our data would be secured and
deleted correctly.  

Here is an excerpt from our security group.

>From my perspective, what we have from IBM/EMC so far isn't sufficient.
My opinion is that in order for us to consider a vendor's approach
suitable- there needs to be more focus on data breach law compliance
support.  For example, if we can confirm that their approach (or related
optional enhancements) is audited, secured, traceable,
employee/subcontractor vetting/background checking, and includes
appropriate notification of potential data breach, etc and that their
program is also periodically third party audited (& ideally court case
tested).. we're in a much better position. If/when they notify us of
loss, we also would need full cooperation in related investigation
efforts and confirming ultimate disposition.

Your company's process would be appreciated. Thoughts??  Tnx's a bunch
for your input.