Worried about security? Here’s what to ask your device sellback company

Craig Melissare

06/19/2020

How is data erased from devices we sell back?

When selling back iPads and MacBooks, organizations want to make sure that devices are secure and that data on the devices is erased so sensitive or identifying data no longer exists on them. This includes data housed in the device, as well as any identifying engravings or stickers on a device.

This is especially important for schools that allow students to take devices home, where parents may use the device to access banking sites and other applications.

When looking for a sellback company, ask about the following:

How are my devices secured when they leave my school?

Sellback partners should have facilities with protocols in place to secure devices at all times. All equipment received by Second Life Mac is handled by authorized personnel and stored in a secure, locked facility. The facility is monitored by security cameras and an alarm system.

How is data removed from devices?

Data sanitization is the process of deliberately, permanently and irreversibly removing or destroying the data stored on a device to make it unrecoverable. Second Life Mac partners with Blancco Technology Group to ensure that sensitive customer information is erased to Department of Defense standards using two methods:

  • Data overwrite—Blancco Device Erasure overwrites all addressable storage and indexing locations on memory drives with zeros and then verifies the process is successful.
  • NIST 800-88 Purge—Blancco Device Erasure overwrites all addressable storage and indexing locations on hard drives, including Host Protected Areas (HPAs), with random characters, then verifies the process is successful.

How can I be certain employees can’t access our data during the audit?

With the right protocols in place, employees never have access to data during the audit process. By overwriting the data on the storage device, the data is rendered unrecoverable and is not exposed during or after a Second Life Mac audit.

What happens if a device doesn’t turn on or is severely damaged?

Sometimes a device can be so damaged that refurbishment isn’t warranted. It’s important to make sure these devices are disposed of properly so data can’t be accessed. Second Life Mac partners with a secure recycling company that adheres to the stringent requirements of Sarbanes-Oxley, Gramm-Leach-Bliley (GLB) and the Health Insurance Portability and Accountability Act (HIPAA).

How do I know that data has been erased?

A sellback partner should provide free certificates of data erasure for devices. Once all data is removed from the devices, Second Life Mac delivers a tamper-proof certificate demonstrating that the erasure has been successful, along with information about the erasure standards used.

What else should I be concerned about?

Some trade in vendors will simply broker the devices and sell them to another company for refurbishing. This becomes a problem if data on the devices isn’t properly erased, or if unlocked devices are sold and new owners start contacting the school for help.

Also, ask a sellback vendor if they employ temporary workers in sensitive positions, including device pick up and refurbishing, which are parts of the process where data can be compromised.