Data destruction certificates

×

Status message

You are not a member of this team. If you want to be part of this team, click on 'Subscribe to this team'.
Team(s): 

Hi everyone,

I was wondering if anyone has previously made or used a formal certificate template for data destruction.

Thanks,

Kiran
(NZ)

Comments

bigfoot's picture
Submitted by bigfoot on Fri, 08/09/2019 - 10:06

Hi, good point. It would be a good idea to implement something like that but very difficult to manage because of the nature of Labdoo; the whole thing is based on trust. To be able to offer a certificate of data deletion you would need to certify it with an ISO Standard certificate; unfortunately those certificates cost a lot to implement. The current Data Security ISO Standard is ISO/IEC 27018:2019 https://www.iso.org/standard/76559.html The document to read regarding the ISO standard costs approx €100 just to read it.

Rhein-Ruhr-Hub's picture
Submitted by Rhein-Ruhr-Hub on Fri, 08/09/2019 - 11:03

Hi,
please let me explain the various needs we found at our donors and some formal aspects. The main problem is that Labdoo is a grass-root initiative. Which is perfect on one hand, as everybody can join easily. But for such a formal confirmation letter / certificate is is a drawback, as you as helper can write / sign such a confirmation, but it is not sure, if it is enough to satisfy the need of a donor, especially if donor is a company. In some countries there are Labdoo associations (USA, ES, CH, DE), who can sign such a formal letter.
We solve such requests in Germany as follows:
For private persons and small-medium companies our German Labdoo association can send a Labdoo confirmation letter:
DE: http://ftp.labdoo.org/download/documents/german/Unterlagen/_confirmation...
EN: http://ftp.labdoo.org/download/documents/german/Unterlagen/_confirmation...
It also includes some country specific tax aspects for Germany.
But for large enterprises or those with high demands on compliance this is not working. They are often only allowed to give IT donations to certified and compliance conformal partners, e.g. in Germany certified by TÜV or Dekra. Such a certificates costs several 10.000 € per year and has to be renewed every few years. So out of discussion for Labdoo.org.
In such cases we link such a donor with high compliance level to certified partners of us. Actually we have 2 in Germany. But the effort is huge. This partner comes with 2 employees, a special van, drive into a locked area to unload, safely deletes user data and monitors and documents each step done. The donor then gets a certification document proofing the donations and the whole process. At the end end Labdoo gets all or a part of the donation. To cover the costs of the certified partner he is either allowed to sell part of the IT donation or the donor pays for the service.
A neutral, international Labdoo template has to be worked out. Please note that (at least in Germany) it has to be filled-in according the donation and data removal process and signed by a responsible, local representative of Labdoo.
In case you need more information please let me know.
Ralf, Labdoo.org (Germany)