Hard Drive Destruction & ITAD

Portis, Inc. provides Hard Drive Destruction & ITAD (Information Technology Asset Disposition) Services compliant with government and industry standard requirements such as:

We focus on compliance for properly destroying decommissioned hard drives & ITAD services. Legal issues have resulted in disposing of hard drives, irregularly or sporadically, as is the case when they are retained beyond their required retention period. 


Contact A CSDS














Today’s Action Plan

Prevent a data breach when disposing of hard drives and equipment with hard drives such as computers, laptops, desktops, servers, laser printers, etc. Government and industry standards require complete erasure of sensitive data prior to ITAD services.

Affinity Health Plan  was ordered to pay fines of $1.2 million in a 2010 for a photocopier breach case.

Under a settlement with the U.S. Department of Health and Human Services (HHS), Affinity Health Plan, Inc. will settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules for $1,215,780.  

“This settlement illustrates an important reminder about equipment designed to retain electronic information: Make sure that all personal information is wiped from hardware before it’s recycled, thrown away or sent back to a leasing agent,” said OCR Director Leon Rodriguez.  “HIPAA covered entities are required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have appropriate safeguards in place to protect this information.”

In addition to the $1,215,780 payment, the settlement includes a corrective action plan requiring Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent, and to take certain measures to safeguard all ePHI.

OCR’s investigation indicated that Affinity impermissibly disclosed the protected health information of up to 344,579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data contained on the copier hard drives. In addition, the investigation revealed that Affinity failed to incorporate the electronic protected health information stored in copier’s hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the hard drives to its leasing agents.


Morgan Stanley  was fined $60 million for failing to have electronic data disposed of correctly during the decommissioning of two data centers.

When Morgan Stanley decommissioned two data centers related to the bank’s wealth management business in 2016, the company did not properly oversee the third-party company responsible for ensuring that all personal data was removed, according to the OCC, which is part of the U.S. Treasury Department.

“In connection with the decommissioning, the bank, among other things, failed to effectively assess or address the risks associated with the decommissioning of its hardware, failed to adequately assess the risk of using third-party vendors, including subcontractors, and failed to maintain an appropriate inventory of customer data stored on the devices,” according to an OCC report.

OCC also says Morgan Stanley neglected to exercise proper oversight while retiring certain network devices, such as computer servers, at a local branch in 2019.

Portis, Inc. provides evidence of compliant hard drive destruction. Our Certificate of Destruction is documentation of due diligence to appropriately destroy proprietary information (PI), personal identifying information (PII), protected health information (PHI), and electronic protected health information (e-PHI) recorded on hard drives.

Our focus is on properly destroying decommissioned hard drives. We provide regulatory compliant Hard Drive Destruction & ITAD Services. 

Learn How

Contact A Consultant