Data-Bearing Device Reference & Destruction Guide

Equipment categories that may retain data requiring secure destruction or verified erasure.

1. Computers & Servers

Every internal drive counts — and some units have several.

Servers & rack storage · desktops · laptops

• Desktops / towers — internal HDD or SSD, sometimes more than one
• Laptops & notebooks — internal drive, often soldered SSDs on newer models
• All-in-ones (iMac, etc.) — drive built into the display chassis
• Workstations — frequently have RAID arrays with multiple drives
• Servers — highest-risk item; multiple drives, hot-swap bays, plus onboard RAID controller storage

2. Storage Devices

The core data-bearing category — destruction or verified wiping matters most here.

Hard drives (HDD) · solid state drives (SSD / NVMe / M.2) · NAS

• Internal hard drives (HDD) — spinning platters; can be degaussed or shredded
• Solid state drives (SSD / NVMe / M.2) — cannot be reliably degaussed; require crypto-erase or physical shred
• External / portable drives — USB-connected desktop and pocket drives
• NAS & SAN units — multiple drives plus a config OS that may also hold data
• RAID controllers & cache modules — battery-backed cache can retain data

3. Mobile Devices

Often overlooked at decommission — and they hold the densest personal/business data.

Smartphones · tablets · wearables

• Smartphones (iOS & Android) — internal flash, plus possible SIM/SD storage
• Tablets / iPads — same considerations as phones
• Smartwatches & wearables — sync and cache messages, health data, credentials

4. Networking Equipment

The category most checklists miss. Stores configs, credentials, logs, and VPN keys in nonvolatile memory.

Switches · routers · firewalls · access points

• Routers & firewalls — config files, stored passwords, VPN certs, ACLs
• Managed switches — VLAN configs, SNMP creds, port logs
• Wireless controllers & access points — Wi-Fi keys, RADIUS secrets
• Load balancers / UTM appliances — often have actual SSDs inside

5. Multifunction Printers & Copiers

A classic audit gotcha. MFPs since the mid-2000s typically store an image of every document scanned, copied, faxed, or printed.

Office copiers · multifunction printers · fax machines

• Multifunction printers (MFP) — internal HDD/SSD with document image cache
• Standalone copiers — same internal storage
• Production / large-format printers — spool drives
• Fax machines — stored sent/received logs and images

6. Removable & Portable Media

Small, easy to misplace, and frequently still loaded with data on arrival.

USB drives · SD / microSD cards · LTO backup tapes · optical discs

• USB flash drives — the most-lost data-bearing item
• SD / microSD / CF cards — pulled from cameras, dashcams, phones
• Optical media — CDs, DVDs, Blu-rays (shred or destroy)
• Backup tapes (LTO, DLT) — high data density; degauss or shred
• Legacy media — floppy disks, Zip disks, old tape cartridges

7. Point-of-Sale & Payment Terminals

PCI-DSS scope. Card terminals and POS systems can retain cardholder data, transaction logs, and stored credentials — treat as high-sensitivity and never resell without verified data destruction.

Credit card terminals · PIN pads · POS registers · payment tablets

• Credit card / payment terminals & PIN pads — cardholder data, transaction history, encryption keys
• POS registers & all-in-one POS systems — full transaction databases, often a Windows/Android device underneath
• Mobile card readers (Square, Clover, etc.) — paired account data and tokens
• Receipt/order tablets — customer and payment data cached locally

8. Less Obvious / Embedded Storage

Items with storage buried inside that clients rarely flag.

VoIP phones · DVR/NVR & cameras · game consoles · IoT & smart devices

• VoIP / IP desk phones — contacts, call logs, voicemail, credentials
• Security DVRs / NVRs & IP cameras — surveillance footage on internal drives
• Game consoles — accounts, saved data, payment info
• Digital cameras & camcorders — internal memory plus removable cards
• Smart / IoT devices — voice assistants, thermostats, smart TVs (cache accounts and Wi-Fi creds)
• Vehicle infotainment modules — paired phone data, contacts, location history
• Medical & industrial equipment — embedded drives, often with regulated data

Destruction Method Quick Reference

The most common compliance error is degaussing flash media — it does not work. Match method to media type.