This statement provides Seagate customers with an overview of what happens to data on products when returned to Seagate. In order to protect your privacy and other interests in data, you should delete all data, or as much as possible, prior to returning any product to Seagate. Seagate realizes, however, that you may not be able to erase certain data on returned products. In any event, Seagate will take the steps described in this statement to protect the physical security of such products and, if applicable, overwrite data as early as possible on products recertified by Seagate.
Seagate has coordinated with the National Security Agency (NSA) and the Center for Magnetic Recording Research (CMRR) to ensure that any products repaired by Seagate are in compliance with or exceed the appropriate U.S. Government specifications. Seagate repair processes follow Best Industry Practices which call for a Purging of data from the media. Seagate has verified that not only does its repair process overwrite user addressable locations, but the process also overwrites the non-user accessible locations. Seagate uses random characters, high-frequency patterns and digital zeros patterns to match the drive design technologies.
The Seagate repair process ensures that all data is overwritten in a way that exceeds the appropriate U.S. Government specifications. Seagate's process of media sanitization may be considered an advantage among those in the health industry user community (e.g., HIPAA, the Health Insurance Portability and Accountability Act, April 2003, which enforces patient data privacy and confidentiality), the financial community, the government user community, and other users that deal with sensitive data.
In addition to its process of media sanitization, Seagate also takes steps to ensure the collection, warehousing, shipping, testing, recertifying and scrapping of disk drives meet Seagate security standards which generally exceed industry averages.
Seagate has established Standard Contractual Clauses which are in place among Seagate entities including the vender's Seagate uses to transport returned DNR hard drives. (Drive Not Ready). Standard Clauses are a lawful transfer mechanism for the extraterritorial transfer of personal end user data on failed disk drives from the (EU) European Union, to non-adequate countries outside the (EU) European Union. Some of the non-EEA European Economic Area countries, are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. The full list of these countries are available Here.
For additional information on this subject, please see our document "Media Sanitization Practices During Product Return Process".
If you have any comments or questions, please do not hesitate to contact Seagate.
Updated: April 8, 2019