Some IT asset disposal companies don't perform a secure erase of data until the equipment has arrived onto their premises - exposing their customer's data to loss during transit - a critical oversight.
The National Institute of Standards and Technology (NIST):
"The application of sophisticated access controls and encryption help reduce the likelihood that an attacker can gain direct access to sensitive information. As a result, parties attempting to obtain sensitive information may seek to focus their efforts on alternative access means such as retrieving residual data on media that has left an organization without sufficient sanitization effort having been applied... Even internal transfers require increased scrutiny, as legal and ethical obligations make it more important than ever to protect data such as Personally Identifiable Information (PII). No matter what the final intended destination of the media is, it is important that the organization ensure that no easily re-constructible residual representation of the data is stored on the media after it has left the control of the organization or is no longer going to be protected at the confidentiality categorization of the data stored on the media.
The two most common data eradication standards in the United States are NIST and DoD. We provide a Certified Erasure Certificate upon completion of erasure that becomes our client's Legal Document and proof of erasure.