As tablet technology continues to improve, many companies are looking to upgrade the initial tablets that were purchased. Regardless of the tablet in use – iPad, Android, or Windows 8 – if you are considering phasing out previous generations in order to take advantage of larger storage capacities, faster processing and enhanced features, you need to consider the disposition process.

With new technologies come new challenges. Companies that have made the significant investment in tablets must take the disposition process for this technology seriously. Tablets, like any of the computers your company uses, contain sensitive information–information that can’t leave the control of your company under any circumstances. If it does, you risk violating regulations like HIPPA, PCI, or SOX or exposing your customer financial information or company secrets to the outside world. There are a few issues you need to be aware of with tablet disposition.

Data Erasure on Tablets

Tablets store data differently than most laptop or desktop computers. Most have built-in solid-state drives that can’t be removed. For data destruction purposes, this is significant for two reasons:

1. Solid-state drives require special attention in the wiping process.  As we have discussed previously in this blog, standard overwriting of data on SSDs cannot be validated in the way that it is on magnetic drives. This is due to the unique memory cell architecture of SSDs and the “wear-leveling algorithms” used to manage them. The data can be securely wiped – if you use a process specific to SSDs and to the operating system.
2. Physically destroying the drive of a tablet means destroying the tablet itself. Used tablets have value on the resale market, so companies that follow this method are missing out on the opportunity to recoup some of the cost of the upgrade.

Secure data destruction is possible on tablets; many mobile device management (MDM) tools have the ability to wipe data from these devices, as long as they’re connected to a network. iOS devices include a “erase all content and settings” feature that, if done correctly, can properly prepare an iPad for resale. You must ensure that you have a way to document that this process was executed successfully on each tablet. If your IT techs are busy with lots of projects, this may be the most challenging piece. It’s also when a device that has not been wiped could slip through the cracks and be sold with data and corporate application access still on it.

While the methods used for data erasure are different with tablets than laptops or desktops, the need for a well planned and executed process is the same. The most important factor is to remove data in a systematic, consistent way and document the process and results. Not only does this ensure that no sensitive data falls through the cracks in the disposition process, it provides a trail of documentation in case your company ever faces an audit related to tablet data security.

We have written previously about the need for process in data destruction and IT asset disposition. Those same lessons apply to the disposition of tablets and other mobile devices. An IT asset disposition provider with expertise in tablet disposition and data destruction can help you plan and implement a secure process for destroying data for a tablet upgrade.

If resale in not possible, tablet computers should be recycled according to all federal and state environmental regulations. Again, a certified ITAD vendor is the best resource to turn to. They can help you identify resale opportunities and keep any disposition process within the boundaries of your regulatory and compliance obligations.

Tablet data security and disposition are relatively new and evolving issues. To learn about the best practices developed so far for data destruction on solid-state drives as well as magnetic drives, consult our white paper “10 Myths About IT Asset Disposition (ITAD) Data Erasure.”