{"id":11565,"date":"2025-07-15T14:30:15","date_gmt":"2025-07-15T06:30:15","guid":{"rendered":"https:\/\/cyberrecycling.com.au\/?p=11565"},"modified":"2025-07-15T14:30:15","modified_gmt":"2025-07-15T06:30:15","slug":"the-legal-risks-of-not-properly-destroying-data-on-old-devices","status":"publish","type":"post","link":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/","title":{"rendered":"The Legal Risks of Not Properly Destroying Data on Old Devices"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Many people replace old phones, laptops, or tablets without realizing the sensitive information is still on them. Cybersecurity experts have even found that major companies and agencies discarded completely unwiped devices. With researchers stating there were instances of discovering state government network encryption keys and full medical records on second-hand hardware. They also found spreadsheets with customer names, addresses, phone numbers, and credit card details. These are just a few examples of the real <\/span><b>risks of not destroying data<\/b><span style=\"font-weight: 400;\"> on old equipment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Such incidents show that old devices can spark a data breach even after they are thrown away or recycled. If leftover data from a discarded drive or phone is accessed by a third party, the original owner has effectively lost that information. Under <strong><a href=\"https:\/\/www.oaic.gov.au\/privacy\/australian-privacy-principles\">Australia\u2019s Privacy Act<\/a><\/strong>, loss or unauthorized access of personal data is treated as a notifiable data breach. This means a simple failure to wipe an old hard drive can trigger an official breach report, with legal consequences.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In Australia alone, businesses generate hundreds of thousands of tonnes of electronic waste each year, and only a fraction is collected securely. Any unwiped device in that waste stream can be a goldmine for data thieves or hackers.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Australian Laws and Penalties for Data Disposal<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Australian law places clear responsibilities on organisations and, by extension, individuals in business to manage and dispose of personal data securely. The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) within it set the rules.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Importantly, APP 11 (Security) requires entities to \u201ctake reasonable steps to protect the personal information they hold from misuse, interference, and loss.\u201d APP 11.2 goes further, mandating that businesses must \u201ctake reasonable steps to destroy or de-identify personal information once it is no longer needed.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In other words, you can\u2019t simply stash away or toss old devices with personal data, and you must ensure the data is irrecoverably erased.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If an organization fails to do this and a breach occurs, the Notifiable Data Breaches scheme kicks in. Under the Privacy Act\u2019s NDB rules, companies must notify both the Privacy Commissioner and affected individuals when an eligible data breach happens. Such an incident qualifies as a reportable breach when personal information has been disclosed in a way that creates a substantial risk of serious harm. Which pretty much means if someone retrieves personal info from your discarded hardware, you have a legal obligation to report it. The goal is to allow affected people to take steps and hold businesses accountable.<\/span><\/p>\n<p><em>Also Read:<a href=\"https:\/\/cyberrecycling.com.au\/newwebsite\/blogs\/australia-e-waste-laws-2025\/\"> Australia E-Waste Recycling Law<\/a><\/em><\/p>\n<p><span style=\"font-weight: 400;\">If you don\u2019t stick to these rules, it could end up costing you a fortune. In late 2022, Australia overhauled its penalties, and now <\/span>serious or repeated privacy breaches<span style=\"font-weight: 400;\"> can attract the greater of a $50 million fine, three times the value of any benefit obtained from the breach, or 30% of the company&#8217;s turnover. For small businesses, the old caps were set at $340,000 for individuals and $1.7M for organizations, which were already high by their standards, but the new regime reflects how seriously regulators treat privacy lapses. Meaning a data breach caused by a discarded device is treated the same as one from a live database and could lead to fines in the millions.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Consequences of Improper Data Disposal<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">Regulatory Fines<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Under the Privacy Act, a data breach caused by negligence, such as failing to wipe a device, can attract huge civil penalties. The 2022 reforms mean a company could face tens of millions of dollars in fines. Even before these changes, Australian regulators were beginning to act. In 2023, the OAIC sued a pathology provider for a breach, seeking penalties under the old law.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Breach Notifications<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">You need to let both your customers and the regulator know anytime personal information is exposed, no matter how it happens. Imagine you sell an old phone without wiping the client data, and that information leaks. That\u2019s a notifiable breach under the Act, and if you don\u2019t report it, you are breaching the law.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Civil Liability and Lawsuits<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Customers or employees whose data was leaked might sue for damages, arguing your business was negligent in protecting their privacy. While Australia has had fewer privacy class-action cases than some countries, companies abroad have paid dearly for such failures. In 2022, a major US bank paid a $35M SEC penalty after hiring a moving company to decommission old drives, and the drives were sold with customer data still intact.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Reputational Damage<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Public trust can crumble after a breach such as this. Research shows many people lose confidence in a company after their data is compromised. News of a data breach from an old device will likely damage your brand and customer loyalty as much as, or more than, any fine.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Targeted Attacks<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">\u00a0Cybercriminals regularly mine secondhand electronics looking for sensitive data. An unsecured hard drive or phone is an easy entry point. Studies have shown that identity thieves recover vast amounts of personal data this way. Any resulting identity theft, fraud, or cyberattack can turn into legal and financial liability for the original data holder.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">How to Securely Destroy Data on Old Devices<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">Backup Needed Data<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Before disposing of anything, make sure any required information is safely backed up or transferred.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Thoroughly Erase or Wipe Data<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Don\u2019t rely on simple delete or reformat. Use reputable data-wiping software or built-in secure erase functions that overwrite the entire drive multiple times. Methods meeting standards like NIST SP 800-88 should be used so that data cannot be recovered by ordinary forensic tools.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Physically Destroy Irreversible Media<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">When you are sure a device be used again by you or anyone else, the surest way to get rid of any data is to physically destory its storage. Drill through hard drives, shred the disks, or degauss those old tapes, whatever it takes, to make absolutely sure nothing can ever be recovered.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Use Certified Recycling\/Disposal Vendors<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">When sending devices for recycling or disposal, choose vendors with recognized certification and secure chain-of-custody. They should provide a \u201cCertificate of Destruction\u201d as proof that the media were erased or destroyed. Merely dropping a device in the bin or a general recycling stream is not secure. Australian government guidelines explicitly warn against disposing of information-containing devices as regular trash and never leaving information at the local tip, as it may be retrieved.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Documents and Policies<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Keep records of what data was destroyed, when, and how. For businesses, having a formal data destruction policy is important. It should assign responsibility, detail approved methods such as software wiping, shredding, etc., and require periodic audits. A well-documented process shows you took reasonable steps to comply with APP 11, which is crucial if there\u2019s ever a dispute.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Train Employees<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Make sure your staff understand the importance of data disposal, as human error is often the leading cause of data breaches. Regular training can prevent someone from casually tossing an old laptop without authorizing a secure wipe.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Takeaways<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">Destroy vs Delete<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Keep in mind, just hitting \u201cdelete\u201d or reformatting won\u2019t cut it as data recovery tools can pull your files back in no time. To be safe, you need to either physically destroy the storage or use a certified wiping method to make sure nothing can be retrieved.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Legal Responsibility<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Under Australian law, you are responsible for the data, even on discarded devices. If you don\u2019t erase data correctly, you could be violating privacy laws and end up with fines and required breach notifications. The <\/span><b>legal consequences of improper data disposal<\/b><span style=\"font-weight: 400;\"> can include expensive civil penalties, not to mention potential lawsuits by affected individuals.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Global Standards\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">These concerns aren\u2019t unique to Australia. International regulations mirror these requirements. The EU\u2019s GDPR requires data controllers to implement adequate security, which includes secure deletion of personal data. GDPR violations for insecure data handling can bring fines up to \u20ac20 million or 4% of global turnover.\u00a0 In the US, laws like HIPAA for health data and FTC guidelines also mandate the secure disposal of records.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Environmental and Ethical Concern<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Proper disposal is also environmentally responsible. Many organizations that mishandle e-waste may be violating environmental regulations too, but critically, they definitely risk data theft. Always treat old electronic media as potentially containing sensitive information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In summary, not properly destroying data on old devices is a hidden but serious vulnerability. The data destruction legal risks are real, and data breaches can happen long after a device is discarded. Businesses can face heavy fines, mandatory breach reporting, and lawsuits as a result. To protect yourself and others, always use certified methods to erase or destroy data, as it\u2019s a simple insurance against huge legal and reputational costs.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Cyber Recycling\u2019s secure<strong><a href=\"https:\/\/cyberrecycling.com.au\/newwebsite\/blogs\/e-recycling\/\"> e\u2011waste recycling<\/a> <\/strong>services include certified data destruction, following industry\u2011standard overwriting software, and physical shredding of drives. We provide a clear Certificate of Destruction for your records, and after your data is safely dealt with, we handle the recycling of the remaining hardware in compliance with all national and state regulations. By combining thorough data sanitisation with responsible electronics recycling, Cyber Recycling gives you the complete assurance that your old devices pose no legal or security risks.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many people replace old phones, laptops, or tablets without realizing the sensitive information is still on them. Cybersecurity experts have even found that major companies and agencies discarded completely unwiped devices. With researchers stating there were instances of discovering state government network encryption keys and full medical records on second-hand hardware. They also found spreadsheets with customer names, addresses, phone numbers, and credit card details. These are just a few examples of the real risks of not destroying data on old equipment. Such incidents show that old devices can spark a data breach even after they are thrown away or recycled. If leftover data from a discarded drive or phone is accessed by a third party, the original owner has effectively lost that information. Under Australia\u2019s Privacy Act, loss or unauthorized access of personal data is treated as a notifiable data breach. This means a simple failure to wipe an old hard drive can trigger an official breach report, with legal consequences. In Australia alone, businesses generate hundreds of thousands of tonnes of electronic waste each year, and only a fraction is collected securely. Any unwiped device in that waste stream can be a goldmine for data thieves or hackers. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11567,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-11565","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-recycling"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Legal Risks of Not Properly Destroying Data on Old Devices - Cyberrecycling<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Legal Risks of Not Properly Destroying Data on Old Devices - Cyberrecycling\" \/>\n<meta property=\"og:description\" content=\"Many people replace old phones, laptops, or tablets without realizing the sensitive information is still on them. Cybersecurity experts have even found that major companies and agencies discarded completely unwiped devices. With researchers stating there were instances of discovering state government network encryption keys and full medical records on second-hand hardware. They also found spreadsheets with customer names, addresses, phone numbers, and credit card details. These are just a few examples of the real risks of not destroying data on old equipment. Such incidents show that old devices can spark a data breach even after they are thrown away or recycled. If leftover data from a discarded drive or phone is accessed by a third party, the original owner has effectively lost that information. Under Australia\u2019s Privacy Act, loss or unauthorized access of personal data is treated as a notifiable data breach. This means a simple failure to wipe an old hard drive can trigger an official breach report, with legal consequences. In Australia alone, businesses generate hundreds of thousands of tonnes of electronic waste each year, and only a fraction is collected securely. Any unwiped device in that waste stream can be a goldmine for data thieves or hackers. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyberrecycling\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CyberRecycling\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-15T06:30:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"jd4r8hdl4z74\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"jd4r8hdl4z74\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/\"},\"author\":{\"name\":\"jd4r8hdl4z74\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/person\/6eec1037909a3ca0117d4e3a830dd68e\"},\"headline\":\"The Legal Risks of Not Properly Destroying Data on Old Devices\",\"datePublished\":\"2025-07-15T06:30:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/\"},\"wordCount\":1526,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg\",\"articleSection\":[\"Recycling\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/\",\"url\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/\",\"name\":\"The Legal Risks of Not Properly Destroying Data on Old Devices - Cyberrecycling\",\"isPartOf\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg\",\"datePublished\":\"2025-07-15T06:30:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage\",\"url\":\"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg\",\"contentUrl\":\"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg\",\"width\":1000,\"height\":667,\"caption\":\"The Legal Risks of Not Properly Destroying Data on Old Devices\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cyberrecycling.com.au\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Legal Risks of Not Properly Destroying Data on Old Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#website\",\"url\":\"https:\/\/cyberrecycling.com.au\/blogs\/\",\"name\":\"Cyber Recycling\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cyberrecycling.com.au\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#organization\",\"name\":\"Cyber Recycling\",\"url\":\"https:\/\/cyberrecycling.com.au\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2026\/03\/cyber-recycling-logo.jpg\",\"contentUrl\":\"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2026\/03\/cyber-recycling-logo.jpg\",\"width\":800,\"height\":800,\"caption\":\"Cyber Recycling\"},\"image\":{\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/CyberRecycling\/\",\"https:\/\/www.instagram.com\/cyber.recycling\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/person\/6eec1037909a3ca0117d4e3a830dd68e\",\"name\":\"jd4r8hdl4z74\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fb7f5b78f48785d15ee10c467a59c8b5867128e0f9d54fe32c38c77ed4193a9f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fb7f5b78f48785d15ee10c467a59c8b5867128e0f9d54fe32c38c77ed4193a9f?s=96&d=mm&r=g\",\"caption\":\"jd4r8hdl4z74\"},\"sameAs\":[\"https:\/\/cyberrecycling.com.au\/newwebsite\/blogs\"],\"url\":\"https:\/\/cyberrecycling.com.au\/blogs\/author\/jd4r8hdl4z74\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Legal Risks of Not Properly Destroying Data on Old Devices - Cyberrecycling","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/","og_locale":"en_US","og_type":"article","og_title":"The Legal Risks of Not Properly Destroying Data on Old Devices - Cyberrecycling","og_description":"Many people replace old phones, laptops, or tablets without realizing the sensitive information is still on them. Cybersecurity experts have even found that major companies and agencies discarded completely unwiped devices. With researchers stating there were instances of discovering state government network encryption keys and full medical records on second-hand hardware. They also found spreadsheets with customer names, addresses, phone numbers, and credit card details. These are just a few examples of the real risks of not destroying data on old equipment. Such incidents show that old devices can spark a data breach even after they are thrown away or recycled. If leftover data from a discarded drive or phone is accessed by a third party, the original owner has effectively lost that information. Under Australia\u2019s Privacy Act, loss or unauthorized access of personal data is treated as a notifiable data breach. This means a simple failure to wipe an old hard drive can trigger an official breach report, with legal consequences. In Australia alone, businesses generate hundreds of thousands of tonnes of electronic waste each year, and only a fraction is collected securely. Any unwiped device in that waste stream can be a goldmine for data thieves or hackers. [&hellip;]","og_url":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/","og_site_name":"Cyberrecycling","article_publisher":"https:\/\/www.facebook.com\/CyberRecycling\/","article_published_time":"2025-07-15T06:30:15+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg","type":"image\/jpeg"}],"author":"jd4r8hdl4z74","twitter_card":"summary_large_image","twitter_misc":{"Written by":"jd4r8hdl4z74","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#article","isPartOf":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/"},"author":{"name":"jd4r8hdl4z74","@id":"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/person\/6eec1037909a3ca0117d4e3a830dd68e"},"headline":"The Legal Risks of Not Properly Destroying Data on Old Devices","datePublished":"2025-07-15T06:30:15+00:00","mainEntityOfPage":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/"},"wordCount":1526,"commentCount":0,"publisher":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/#organization"},"image":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg","articleSection":["Recycling"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/","url":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/","name":"The Legal Risks of Not Properly Destroying Data on Old Devices - Cyberrecycling","isPartOf":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage"},"image":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg","datePublished":"2025-07-15T06:30:15+00:00","breadcrumb":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#primaryimage","url":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg","contentUrl":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg","width":1000,"height":667,"caption":"The Legal Risks of Not Properly Destroying Data on Old Devices"},{"@type":"BreadcrumbList","@id":"https:\/\/cyberrecycling.com.au\/blogs\/the-legal-risks-of-not-properly-destroying-data-on-old-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cyberrecycling.com.au\/blogs\/"},{"@type":"ListItem","position":2,"name":"The Legal Risks of Not Properly Destroying Data on Old Devices"}]},{"@type":"WebSite","@id":"https:\/\/cyberrecycling.com.au\/blogs\/#website","url":"https:\/\/cyberrecycling.com.au\/blogs\/","name":"Cyber Recycling","description":"","publisher":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cyberrecycling.com.au\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cyberrecycling.com.au\/blogs\/#organization","name":"Cyber Recycling","url":"https:\/\/cyberrecycling.com.au\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2026\/03\/cyber-recycling-logo.jpg","contentUrl":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2026\/03\/cyber-recycling-logo.jpg","width":800,"height":800,"caption":"Cyber Recycling"},"image":{"@id":"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CyberRecycling\/","https:\/\/www.instagram.com\/cyber.recycling\/"]},{"@type":"Person","@id":"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/person\/6eec1037909a3ca0117d4e3a830dd68e","name":"jd4r8hdl4z74","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberrecycling.com.au\/blogs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fb7f5b78f48785d15ee10c467a59c8b5867128e0f9d54fe32c38c77ed4193a9f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fb7f5b78f48785d15ee10c467a59c8b5867128e0f9d54fe32c38c77ed4193a9f?s=96&d=mm&r=g","caption":"jd4r8hdl4z74"},"sameAs":["https:\/\/cyberrecycling.com.au\/newwebsite\/blogs"],"url":"https:\/\/cyberrecycling.com.au\/blogs\/author\/jd4r8hdl4z74\/"}]}},"fimg_url":"https:\/\/cyberrecycling.com.au\/blogs\/wp-content\/uploads\/2025\/07\/2148419161-1.jpg","_links":{"self":[{"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/posts\/11565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/comments?post=11565"}],"version-history":[{"count":0,"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/posts\/11565\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/media\/11567"}],"wp:attachment":[{"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/media?parent=11565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/categories?post=11565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberrecycling.com.au\/blogs\/wp-json\/wp\/v2\/tags?post=11565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}