AG Technology

Vector-AG Technology Limited

GDPR risks grow for unprepared businesses

Businesses are grappling with more stringent data laws since GDPR came into effect last May. As data security becomes a top priority for lawmakers, businesses are under pressure to ensure personal data and records are protected. 

GDPR regulations require businesses to seek consent from their users before processing data. The way data is handled is also crucial, especially when it is transferred between countries. In some cases, countries outside the EU don’t have what’s called an ‘adequacy’ agreement, which increases risk for data transference, and therefore businesses have to possess strict data processing policies. 

Because data is becoming more valuable and important to consumers, it’s essential that businesses are implementing proper data handling procedures which includes the safe removal of records, and dated information. The risk in having this information compromised, leaked, or published to the web means that, in the process of data removal, companies need to ensure that they have a way to fully erase those records without the possibility of recovery. 

In order for a business to have certainty with data removal, it is recommended to use software erasure and degaussing in combination. The reason for this is that a business can not only prove that is has erased the physical data from the medium, but that it has also been magnetically wiped. 

Verity Systems provides a full solution for data erasure which enables companies to ensure they have total compliance with GDPR and can remove data safely from older systems including hard drives (HDD and SSD), as well as tapes. 

To discover more about our range of hard drive degaussers and destroyers, you can see some of our automatic hard drive degaussers to see how you can start protecting your business, and ensuring that you comply with data laws. 

Preparing for the California Consumer Privacy Act

Last year, following the implementation the EU’s GDPR law, California enacted a piece of legislation called the California Consumer Privacy Act which will go into effect on January 1, 2020. 

The California Consumer Privacy Act is seen as the GDPR equivalent for the state, and will require businesses to implement strict data policies to protect consumers and personal information. 

Among some of the provisions of the Privacy Act include a consumer’s right to request what types of personal information is being held by a business, a right to decline the sale of personal information, the right to know what information is being used and for what purpose.

For businesses, the new law also places emphasis on data security and protection to ensure that personal data is handled properly.  Many of the provisions in the new law are similar to GDPR and businesses will need to implement privacy policies and in cases, have a data compliance officer to ensure data is properly handled. 

Due to the nature of this new law, and the subsequent impact it is having on other states, it is a certainty that equivalent laws for other U.S. states will have similar provisions, and require businesses to protect data. 

The U.S. is also signatory to the Privacy Shield agreement with the European Union on data transference, and is continuing to work with other countries to protect people’s information when transferred across borders. This affects international businesses that store data in one country, and transfer that information to another in order to facilitate a transaction, a booking, or any kind of data processing activity. 

For businesses that want to be fully compliant with new data laws, they can ensure that data is protected through proper erasure and removal processes. By erasing records and personal information with full auditing, an organization can prove to law enforcement and data regulators that it is properly handling information, and securely removing it when no longer needed. 

In order to do this, hard drive degaussing and erasure is recommended. Brands and government agencies as well as small businesses can implement data protection and erasure by investing in degaussing equipment that can be used in an office environment. This allows organisations to document their data, and erase hard drives and tapes with full transparency. 

You can learn more about data degaussing and see some of our recommended hard drive degaussers which provide the option for businesses to track their data erasure live, and deliver full reports to data compliance officers and regulators. 

Degaussing: An Introduction

An Introduction to Degaussing

  1. What is a degausser?
  2. How does a degausser work?
  3. Operation of degaussers
  4. Detailed benefits of degaussers
  5. Points to consider when choosing a degausser
  6. Who uses a degausser?
  7. More about magnetic media

Degaussing definition – What is a Degausser?

It is a machine used to eliminate data stored on computer and laptop hard drives, floppy disks and magnetic tape, by randomly changing the alignment of magnetic domains on the medium.

Degaussing takes its meaning from Johann Gauss (1777-1855) a mathematician who studied and worked on electro-magnetic fields. Data is stored on magnetic media by making very small areas called magnetic domains change their magnetic alignment to be in the direction of an applied magnetic field. Degaussing magnetic media leaves the domains in random patterns with no preference to orientation, thereby rendering previous data unrecoverable. A degausser is therefore used to completely erase all audio, video and data signals from magnetic storage media.

This process is effective in a range of industries including video, audio, computer, broadcast and data security.

Benefits of Using a Degausser

  • Assurance that all sensitive data has been erased permanently
  • Disposes classified media quickly, safely and in-house
  • Improvement in the quality of output
  • Sizeable savings in operating costs
  • Meets the NSA and CESG requirements for sanitisation of classified information

Simply overwriting magnetic media does not completely erase data. Only a degausser can remove data 100% and ensure that confidential data is securely and completely erased.

How does a Degausser work?

It works by passing any magnetic media through a powerful magnet field to rearrange the polarity of the particles, thus completely removing any resemblance of previously recorded data. Although this process of course is simple in theory, in practice, the vast variation of media formats and magnetic densities makes the correct process quite difficult to achieve. The degausser is constructed in such a way as to enable the generated magnetic field to be available to the media when it is transported through it, which can be by physically holding the media and moving it through the field by hand, having it automatically conveyed by a belt transporter or rotated on a motorized spindle.

Different media demand varying magnetic field strength, therefore the coils that generate the magnetic field will also vary depending on this requirement. Generally speaking, a coil is a degausser which should have two to three times the energy rating of the material being degaussed. Where media has a security classification, Restricted, Confidential, Secret or Top Secret, a considerably higher energy rating will be required. This rating is measured in Oersteds after Hans Christian Oersted (1777-1851) who discovered the magnetic qualities of electricity. Further efficiency can be achieved by using more than one coil in multi-axial orientation; this produces a more effective degaussing field. Even better performance can be achieved by rotating the coils or the media during the process.

Operation of Degaussers

The operation of degaussers will vary depending on the type and quality of media and the speed and degree of erasure required. When erasing tapes, either the cassette must move through the magnetic field or you must move a magnetic field over the cassette. In each case, the consistency of the motion, the strength of the field and the distribution of that field over the entire media are what determine the quality of the erasure.

Most professionals and engineers agree that a conveyor transport degausser, which allows the user to place the magnetic media on a small belt, which in turn passes the media through or over the degaussing coils at a constant speed, assures the most uniform process. Custom-designed degaussers can assist with the specialist needs of bulk operators with belt feed conveyors; collection hoppers are available to deal with tapes, disks and reels, all helping in making the operation effective & efficient.

Effective degaussing is very much a performance factor of the machine and generally passing the media through the field twice does not improve the effectiveness. If however the media is rotated by 90 degrees, some improvement can be achieved. VS Security Products have developed an eraser employing “state of the art” technology that uses a rotating coil technique. The media passes on a variable speed conveyor belt through a field, generated by two powerful coils, which are rotating, one above the media, the other beneath it.

With the ever-increasing demand to fit more & more data on smaller media, there is now a requirement that can be more important than absolute erasure. That is consistency of erasure.

It is widely understood that data at a high packing density stored on magnetic media is easier to erase than lower density data. The data signal to noise ratios, bit-to-bit phase relationships, amplitude variations all become more critical and require more sophisticated electronics to ensure valid error free data recovery. Variations of magnetic flux, remaining from a poor erasure cycle, will make data recovery more difficult and will result in increasing errors.

Detailed Benefits of Degaussers

The resultant benefits are substantial, producers of audio and video tapes achieve better yields as well as increased quality. Data users enjoy greater efficiency due to considerably reduced “error rates”. Professional users in every sector, from government to business, benefit from incorporating degaussing within their magnetic media processing procedure and achieve considerable cost savings by being able to confidently reuse again and again media previously discarded. All in all there is a very strong financial and operational case to use degaussers, especially manufactured by the world’s leading specialists, VS Security Products .

The controlled application of degaussers to the process involved in the production & operation of magnetic media can achieve considerable savings. For a start, many operators who do not currently degauss, simply throw away suspect media that, with a careful process of degaussing applied to it, would have a considerable extended life. Many operators claim benefit of up to four times the useful life of some types of media.

Further direct & indirect savings can also be achieved. Quality of performance of the media has a very high value, although it would be difficult to qualify. Indirectly, there are additional cost savings to producers and to end users due to the considerable reduction of “down time” of computers and data processing apparatus arising from faulty or imperfect magnetic media being used. Diskette duplicators claim to gain upwards of 25% better production yields directly attributable to degaussing their bulk bland diskettes, prior to processing.

Another benefit is that magnetic media is very difficult to dispose of. If it is burned, it emits toxic fumes, if it is buried, it is not biodegradable. By re-using your media as many times as possible, you are adding you your company’s recycling programme.

The amount of magnetic media used in the broadcast, computer and software industries has resulted in professional users striving to achieve higher quality and efficiency, whilst at the same time searching for cost savings. By degaussing magnetic media using “deep erasure”, created by powerful magnetic fields, users or producers find that previously recorded data, or certification signal can be eliminated completely from tapes, cassettes or cartridges. The effectiveness that this method of erasure achieves far exceeds that of DC erasure (this is the method that is used in hard disk drives).

Points to Consider When Choosing a Degausser

  1. Type of media used: What formats do you need to be degaussed? Different degaussers can handle different types of media.
  2. Volume of media: How much media do you need to degauss and in what sort of timeframe?
  3. Density of media: Magnetic media varies in its density. You will need a degausser with enough power to completely erase data on your media.
  4. Type of Operation: Manual or Automatic. Do you have enough time to erase tapes manually or would you prefer an automated system?
  5. Proposed location of degausser: How much room do you have for a degausser?

Who uses a Degausser?

Anybody who uses magnetic media will benefit from the use of a degausser, including:

  • Radio/Television broadcasters: enables expensive tapes to be re-used
  • Computer departments of corporations: allows re-use of back up tapes and safe disposal of information from PC hard drives
  • Data Storage Companies: data no longer needed can be easily and efficiently erased
  • Defense Organizations: confidential and top secret information can be erased
  • CCTV Operators: allows VHS tapes to be re-used again and again
  • Audio/Video duplicators: allows re-use of any production over runs and returned out of date tapes
  • Financial Services: Banks and insurance companies can use a degausser to re-use magnetic media for voice logging systems
  • Emergency Services: Re-use tapes used in voice logging systems
  • Hospitals: erase sensitive information held on magnetic media, such as patient records no longer required
  • Universities: allows student records that are no longer needed to be erased

More About Magnetic Media

The term magnetic media covers a vast range of material from audio/video tapes and cassettes to computer diskettes and reels, supplied in a wide choice of sizes and complexities. All of them however, perform in the same basic way yet have significantly differing characteristics in performance and in operation that will require differing erasure processes.

Magnetic media consists of material that is coated with minute metallic particles that react to magnetic influences applied to them. Such influences fall into two types.

The first is the intended influence or signal that provides the desired “Play-back” from the original recording. Ideally the reply should replicate the original recording, whether this is from audio, video or computer data source. The second influence is the unwanted signal, which can take the form of distortion, bias, corruption or interference and can produce undesirable effects such as poor quality audio or video media or software glitches in data material. Clearly any process which enhances the first and eliminates the second is desirable and a degausser can achieve this.

The value of the data you process is going up

Every day, businesses are processing a wide range of datasets for many reasons including storing credit card details, address information and more to facilitate payments and bookings for products and services.

This also applies to the healthcare industry where patient data is being processed and handled by a vast number of organizations that are working to provide people with medicines, specialist care and much more.

In the U.K., it has been estimated that the value of the data held by the country’s NHS (National Health Service) is worth over £9.6 billion a year. This is due to the fact that Britain’s public health care organization has over 1 million employees and handles the data of millions of patients across the nation.

With modernization efforts ongoing, the NHS is transferring patient data to digital with the use of highly complex and integrated systems to store that information across many regions and  in different specialist departments.

The NHS is not alone in its obligation to protect patient information. In fact, many organizations around the world are playing catch up with new data laws and are seeking to protect that information which can be very valuable to businesses and also to criminals.

There have been a number of RansomWare cases and others where data has been accessed and published online. Passwords and personal information was accessed and used to lock systems and force people to pay a ransom in order to be able to access their data.

Following the implementation of GDPR in Europe, the US-EU Privacy Shield, and now California’s new data law in January 2020, it’s important that organizations have data protection procedures in place so that personal information that is stored and then no longer needed, gets fully erased.

Businesses and organizations often rely solely on software to erase records, however this doesn’t provide security as this only writes a new layer of data on a hard drive. This means that the previous data layer still exists and can be accessed later by criminals and other enterprises. This is where degaussing can ensure that data is magnetically wiped. In addition, older hard drives that have been magnetically erased can be crushed with a HDD Destroyer for the purposes of recycling.

Businesses can benefit from erasing data and auditing their efforts as data compliance becomes more important in countries around the world. The value of patient data is clear and the costs and risks associated with losing that data can result in regulators issuing fines to companies that are not prepared or not complying with data laws.

Is your business or organization erasing data securely?

Yahoo settlement fund of $117.5m to compensate users affected by historic data breaches

Yahoo will be offering compensation to some of the 3 billion users affected by several data breaches occurring between 2012-2016.

Over the past several months, Yahoo has been sending regular emails to its users informing them of a proposed class action lawsuit settlement, offering US and Israel account holders financial compensation.

The claim can be filed here up until July 20th 2020 for users that were affected by the data breaches.

Data security has become a key area of business risk mitigation in the years following Yahoo’s data breach and many companies have been affected by emerging cybersecurity threats with files being leaked online, forcing them to pay out considerable compensation to users. In 2020, the emphasis on data security is even more important following the enactment of the California Consumer Privacy Act, which gives consumers new powers to have a say on how their data is used as well as increased fines for businesses that fail to protect information.

Businesses are now required to have data protection policies by law, and after numerous fines and the global impact of the European Union’s GDPR law, it is evident that more has to be done to protect user information in all its forms.

Part of that work involves companies looking at their data security practices and enhancing their information sharing policies to factor in new laws and the requirements of data handling as a whole. Recently, Microsoft announced it would embrace CCPA across its whole company, not just in California and was making data security a priority, among other organizations.

There are a number of ways businesses can reduce their risk from fines such as using degaussing technology to magnetically remove data from hard drives and tapes, as well as hard drive destruction for safe disposal. Auditing is also an important factor, and businesses can implement data auditing solutions to make sure they are handling data effectively, and making sure that older systems and mediums such as hard drives or magnetic tapes are erased securely. This also ensures that customer data which is no longer in use gets removed in a secure environment, providing an added layer of transparency, especially when combined with data auditing and live logging.

With the added risks and new laws currently being drafted, it is essential that businesses of all sizes look to protect their customer data, and implement data security practices as a whole. Is your business making data security a priority in 2020?

Microsoft to honor California’s new privacy law nationwide

Microsoft have announced that they will adapt the principles of the new California Consumer Privacy Act (CCPA) on the first day of the New Year.

Ahead of coming into full force in January 2020, Microsoft took the bold step in announcing that it would “honor” the CCPA law throughout the whole United States. This follows a similar decision in Europe where it adapted the GDPR principles globally to its business. 

Microsoft’s announcement is a big deal for the tech industry as it signals just how seriously big business is taking data protection. With CCPA only being enforced in California, Microsoft have shown that as a company it wants to do more for data protection, and in fact, praised CCPA as good news. Chief Privacy Officer Julie Brill said in a blog post that the CCPA is “an important step toward providing people with more robust control over their data in the United States.”

CCPA will have a far reaching impact on businesses, especially those that are incorporated in California, but serve users nationally and internationally. With data laws overlapping in different states, and over in Europe, it’s making more sense for businesses to adapt the strictest data requirements across their entire digital operations. This will ensure that they are ready for the upcoming laws currently being drafted in a number of different states, and help them to get their systems up-to-speed and compliant. 

With that compliance also comes the need of making sure that technology architecture is set up in a way that safely stores and removes data once it is no longer in use. Especially for businesses that handle personal information across states, it’s important to implement a data protection policy that tries to apply the principles of GDPR, CCPA and other laws so that risks are minimized.

For companies that want to step up their commitment to protecting their customer data, they can choose the option of buying professional degaussing equipment to fully erase old data from hard drives that will no longer be used in newer systems. 

CCPA

The California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) became law on January 1st 2020 in the state of California and places additional legal requirements on businesses and organizations when it comes to handling data. The law is comprehensive with a number of detailed statutes reflecting today’s new digital age, and how valuable data has become. CCPA gives consumers new powers and rights when it comes to their data, which businesses must comply with in order to avoid being fined or found in breach of its provisions. Some of the statutes include:

  • Consumers right to receive information on privacy practices and access information.
  • Consumers right to deletion.
  • Information required to be provided as part of an access request.
  • Consumers right to receive information about onward disclosures.
  • Consumer right to prohibit the sale of their information.
  • Price discrimination based upon the exercise of the opt-out right.

Business compliance and impact

Businesses affected by CCPA include those which hold or collect personal data from consumers, and are doing business in the state of California. There are three thresholds which organizations will fall under when considering if CCPA applies. These are:

  • If the annual gross revenue of a business exceeds $25 million.
  • If buying or selling personal information of more than 50,000 individuals.
  • If earning more of half its annual revenue from the selling of people’s personal information.

In alignment with CCPA, businesses are expected to implement data security practices that can support the protection of consumer data across its organization – where consumer data is being handled. 

See our Data Destruction Auditor to learn more about data auditing. 

Business processes required under CCPA

Businesses adhering to the CCPA must implement the following processes to be compliant. If they fall within one or more of the compliance thresholds then CCPA will apply: 

These are:

    • Implementing parental or guardian consent for children (minors) who are under the age of 13, and ‘affirmative consent’ for minors who are aged between 13 and 16 – in relation to data sharing processes.
    • A clearly defined link on the home page of the website of the business providing a “Do Not Sell My Personal Information” link where users visiting that website are able to opt out of the selling of their personal data.
    • New privacy policies which include a description of California residents’ rights.
    • A point of contact for website visitors that allow them to access their data.

Fines and sanctions that can be imposed under CCPA provisions

  • If a business suffers data theft or a data breach, it can be ordered to pay statutory damages in civil class action lawsuits and asked to pay up to $750 per incident and resident (residing in California).
  • Financial penalties of up to $7,500 can be issued for intentional data violations and $2,500 for unintentional data violations.

Signed by Governor Brown in June, 2018, and enacted on January 1st, 2020, the California Consumer Privacy Act enhances consumer protection and holds businesses to account that do not protect data, or suffer from data breaches where consumer information is accessed without consent. 

France protecting data rights as it forges new cybersecurity cooperation with India

France is taking a proactive role in strengthening its cybersecurity cooperation with India, signing a new agreement to combat cybercrime to protect its citizens and business sectors. 

Over the past year since GDPR was introduced in the European Union, France has been keen to work with international partners on data rights and data security as a whole. 

AI, 5G and digital commerce were among the key topics at a summit in New Delhi between France and India in October, attended by France’s National Cybersecurity Agency along with 130 delegates from both countries. 

As technology starts to become a bigger part of our lives, France and India have been looking at ways in making sure data transference between states is safe, and that the laws which govern people’s data, are replicated between friendly nations. This goes without saying that people’s individual rights as data subjects is becoming a key topic of discussion, particularly as there remain considerable cybercrime threats for citizens around the world. 

Companies and governments have also been seeking ways to improve data architecture, data security and network security as a whole in their discussions, keeping in mind the ever evolving landscape, and how data is being used, stored and processed in different countries – often by multinationals, but increasingly by small businesses and tech startups. 

At the GITEX Technology Week in Dubai back in October, multinational companies gathered to display the latest innovations in tech, including advancements in AI and IoT devices – laying the foundation for a new era of technological innovation and inter-connected systems where digital citizen rights will take centre stage.  

Verity Systems, a manufacturer providing data security solutions for governments, businesses and medical institutions, has been working behind-the-scenes to develop new tools that can securely erase data records from different types of media. And with the evolving data landscape, legacy network systems and hard drives are being retired with a stronger emphasis being placed on secure data erasure of personal information that is no longer in use. 

With the risks associated in improperly handling data disposal, and the very nature of data rights and people’s personal information, businesses and governments are taking note of the evolving landscape of technology, and how to deal with the careful disposal of older systems which will be made redundant by newer innovations and technological breakthroughs. 

In our ever evolving digital landscape, we are only seeing the beginning of what will be a transformation of the digital ecosystem we see today, and when it becomes more closely integrated, across borders, digital citizen rights will be a key priority for countries moving forward. 

Singapore to step up its data security efforts in 2020 with $719m investment drive

The Singapore government is investing heavily in data security as part of its new 3-year plan which it sees as crucial in protecting citizen data.

Speaking on Tuesday, Singapore’s Finance Minister Heng Swee Keat said that the budget for 2020 would enable Singapore to enhance its cyber and data security capabilities.

This follows the passing of new legislation in 2018 which enhanced laws surrounding data security in the new Cybersecurity Act.

Singapore’s investment plan will allow the government and key agencies to adopt new technologies and get the country ready for a future where AI, IoT and cloud computing become central to economic growth.

Through new digitisation strategies, Singapore will be able to adapt to cyber security risks and also provide tech startups with the funding they need to develop new technologies. This would come from an additional $215m fund in its Startup SG Equity Scheme – further supporting Singapore’s growing hub of technology startups.

Countries such as India, France and the U.S. have also been adopting new laws and stepping up their data security efforts to protect citizens and their personal information. From California’s new CCPA to France and India’s push for more data cooperation between governments, there is an international effort building momentum to reinforce data security architecture as a whole.

Businesses that are at risk of data security breaches include multinational corporations operating large cloud infrastructure as well as government agencies, ecommerce platforms and new fintech businesses.

Data security architecture is central to the success of new startups as well as protecting citizen data. Part of that effort includes the safe removal and disposal of older systems as new technologies come into play. One of the ways in which businesses can reduce their risk of losing data or having it exposed to criminal organizations is through degaussing technology and hard drive destruction.

While software may be considered by small businesses as a way to erase hard drives, the data still remains, and poses a risk to security conscious companies holding sensitive information. Therefore magnetic erasure with degaussing provides the guarantee that data can’t be recovered – which is especially important for governments that want to protect national secrets and data from falling into the wrong hands.

Congressional panel finds US at risk from small and catastrophic cyberattacks

This week, a bipartisan report released by the Cyberspace Solarium Commission found that the U.S. was facing multiple cybersecurity challenges and could suffer lasting damage if national infrastructure was compromised. The total cost of such a major cyberattack could exceed the multi-billion dollar cost of the California fires by comparison.

Already top of the agenda for countries around the world, data security and data laws have still a long way to go to catch up to the threats that are posed by cybercrime in our digitally connected economy.

Data itself has become a ‘human right’ but it’s the way in which information and people’s personal records are being handled that still poses challenges for businesses and governments – especially when that information falls into the wrong hands.

Several high profile breaches such as the Equifax hack have led to a host of new data laws and processes for companies, but there remain critical flaws in how digital infrastructure is protected from cyberattacks, leaving businesses vulnerable, especially when older, legacy systems don’t get upgraded and still retain hundreds if not millions of records.

The bipartisan report recommended that the government enact wide ranging reforms and collaborate further with the private sector to develop new cybersecurity solutions.

One notable recommendation in the 180+ page report was that Congress enact a new data security and privacy protection law with a new National Cyber Director.

With technology theft being a big problem for American companies, the Commission urges lawmakers to deter attacks and find ways to encourage better data security standards globally.

One of the key areas of data protection is in the safe erasure and removal of older, legacy system hard drives – a key issue given that millions of records remain unprotected and vulnerable to exploit without being properly erased. Through degaussing technology and hard drive destruction, there are ways for businesses to reduce the risk of having their legacy systems getting exploited. With full data erasure, there’s an added layer of security for businesses and governments that are in the process of adjusting to new standards, but time is of the essence as newer, more sophisticated Ransomware viruses and other malicious software programs penetrate America’s key digital communications infrastructure.

Is your business implementing new data policies to adjust to the latest threats in cyberspace?