The way we dispose of our data brought Mick Payne back to him.
The chief operating officer of Techbuyer was standing in a large windowless room of a data center in London surrounded by thousands of used hard drives. He offered a six-figure sum for all the devices because he knew he could sell them on.
Data-storing devices would be dropped inside by authorized security personnel instead of being driven up to the site. Industrial machines shred them into small pieces.
Payne thought this was crazy when he walked out. They couldn't allow the disks to leave the building, despite the fact we could wipe them on-site then sell to a new customer who could make use of them for years to come. It was not a good use of money.
Payne had seen the practice of shredding data-storing devices first hand.
When you fire off an email, update a document, or take a photo, the data is not stored in a cloud as the metaphor suggests. It is stowed across several of the world's estimated 70 million server, made up of all sorts of precious metals, critical minerals, and plastic.
Each device on the server is roughly the size of a VCR tape. The floorspace in some of the data centers is equivalent to dozens of Olympic-sized swimming pools. When companies decide to upgrade their equipment, which usually happens every three to five years, data storage devices are destroyed in a process like the one Payne described.
AdvertisementThe Financial Times has learned through interviews with more than 30 people that companies such as Amazon and Microsoft shred millions of data-storing devices each year.
Industry insiders say that using computer software to wipe the devices before selling them on the secondary market is a better option to safely dispose of data.
A European Commission official who co-authored a report about how to make data centers more sustainable says you don't need to shred data.
Fear of a data leak triggering fury from customers and huge fines from regulators is one of the reasons why people are reluctant to move away from shredding.
Last month, the US Securities and Exchange Commission fined Morgan Stanley $35 million for an "astonishing" failure to protect customer data, after the bank's decommissioned server and hard drives were sold on without being properly wiped. A $60 million class action settlement was reached earlier this year, as well as a $60 million fine. Some of the hardware was sold online.
The incident stems from a failure to wipe the devices before selling them on, but the bank now requires that every device be destroyed. This approach is widely used.
One employee at Amazon Web Services, who spoke on condition of anonymity, said that the company shreds all data-storing devices after three to five years of use. Amazon didn't say anything.