< All Topics

What are the requirements for data destruction in the R2 Standard?

Q: What is the purpose of the data destruction requirements in the R2 Standard?

A: The purpose of the data destruction requirements in the R2 Standard is to ensure that all data stored on electronic devices is properly and permanently destroyed before those devices are reused, recycled, or disposed of. This helps to protect the privacy and security of individuals and organizations whose data may be stored on these devices and to prevent the unauthorized access or use of sensitive information.

Q: What are the acceptable methods for data destruction under the R2 Standard?

A: The R2 Standard recognizes two primary methods for data destruction: physical destruction and data erasure. The specific requirements for each method are outlined in Appendix B of the standard:

  1. Physical destruction: This method involves the physical destruction of the data storage media, such as shredding, crushing, or pulverizing the device. The destruction process must render the data unreadable and unrecoverable.
  2. Data erasure: This method involves the use of software or hardware tools to overwrite or erase all data on the storage media. The erasure process must meet the requirements of the National Institute of Standards and Technology (NIST) Guidelines for Media Sanitization, or other recognized standards.

Q: What are the requirements for documentation and recordkeeping related to data destruction?

A: R2 certified facilities are required to maintain detailed records of all data destruction activities, including:

  1. The make, model, and serial number (or other unique identifier) of each device or media that undergoes data destruction.
  2. The method of data destruction used (physical destruction or data erasure).
  3. The date and time of the data destruction process.
  4. The name and signature of the individual(s) performing the data destruction.
  5. Verification that the data destruction process was successful and that the data is unrecoverable.

These records must be maintained for a minimum of three years and must be made available to auditors and other interested parties upon request.

By adhering to these data destruction requirements, R2 certified facilities can help to ensure the privacy and security of sensitive data throughout the electronics recycling process. This not only protects the interests of individuals and organizations but also helps to build trust and confidence in the electronics recycling industry as a whole.