A solicitor's duty of confidentiality does not end when a laptop is retired. Old computers, servers, and drives in a law firm hold privileged client information that must be destroyed, not just discarded. ITC provides certified, fully documented IT asset disposition for Sydney legal practices.
Law firms hold some of the most sensitive information of any business: privileged client communications, case files, financial records, settlement details, and personal data, often going back years. That information lives on the firm's computers, servers, mobile devices, and backup drives, and it does not disappear when the hardware is retired.
A solicitor's duty of confidentiality under the Australian Solicitors' Conduct Rules applies to all information obtained during a client's engagement, and it continues even after the retainer has ended. That duty does not stop at the office door. When a firm disposes of old IT equipment, any recoverable client data on that equipment remains the firm's responsibility. Deleting files or reformatting a drive does not remove the data, so disposal without certified data destruction is a confidentiality risk, not just an IT housekeeping task.
On top of the professional conduct duty, law firms that handle personal information also carry obligations under the Privacy Act, which requires reasonable steps to destroy or de-identify personal information that is no longer needed. For a law firm, secure IT asset disposition is where the professional duty of confidentiality and the statutory privacy duty meet.
Confidentiality enduresThe duty to keep client information confidential continues after a matter closes, and extends to data on retired hardware.
Privileged materialCase files, advice, and communications on old devices remain privileged and recoverable until the media is destroyed.
Deleting is not destroyingReformatting or deleting leaves data recoverable. Only certified sanitisation or physical destruction removes it.
Evidence mattersIf a question is ever raised, a serialised Certificate of Destruction is your proof the data was handled correctly.
A complete IT asset disposition service for law firms, from collection through to certified destruction and recycling.
Whether you are a sole practitioner upgrading a few machines, a mid-size firm refreshing the office, or a practice closing or merging and decommissioning everything at once, ITC manages the full process under a documented chain of custody. We handle desktops and laptops, file and email servers, network-attached storage and backup drives, mobile phones and tablets, multifunction printers and copiers (which store images of scanned and printed documents), and loose hard drives and media in storage.
Every data-bearing device is sanitised to the NIST 800-88 standard using Blancco, or physically destroyed by shredding where the data sensitivity warrants it. Working equipment can be securely wiped and recovered for value through buyback, and end-of-life hardware is recycled in line with the AS/NZS 5377 standard. You receive serialised Certificates of Destruction and Recycling documenting every device.
| Equipment | How ITC handles it |
|---|---|
| Desktops & laptops | Drive sanitisation to NIST 800-88 with Blancco, or physical destruction, then recycling or buyback. |
| Servers & storage | The most concentrated client data. Decommissioned under chain of custody with certified destruction. |
| Mobiles & tablets | Full sanitisation, since email, documents, and saved credentials persist after a basic reset. |
| Printers & copiers | Internal drives store scanned and printed documents and are sanitised or destroyed like any drive. |
| Loose drives & backups | Old hard drives, SSDs, and backup media in storage, individually accounted for and destroyed. |
For a law firm, secure disposal sits at the intersection of professional conduct and privacy law. Figures below are from named public sources.
A documented, repeatable process designed around confidentiality and evidence.
We identify every device to be retired, including loose drives and storage, and classify data sensitivity before anything leaves your premises.
Equipment is collected under documented chain of custody, tracked from your office to our facility, under our ISO/IEC 27001:2022 certified process. On-site options are available for the most sensitive material.
Each device is sanitised to NIST 800-88 with Blancco, or physically destroyed by shredding or degaussing for high-sensitivity data.
Working equipment is securely wiped and assessed for resale through buyback, returning value to the firm where possible.
End-of-life hardware is recycled in line with AS/NZS 5377, and you receive serialised Certificates of Destruction and Recycling for your records.
Closing a practice, merging, or relocating creates a concentrated disposal event with heightened confidentiality risk, often years of files across many devices at once. ITC manages these as a single documented project, with a full inventory and certificates for every device, so the responsible partners have clear evidence that client information was destroyed correctly. See our decommissioning service for larger setups.
Common questions from Sydney law firms about disposing of IT equipment securely.
Yes. Under the Australian Solicitors' Conduct Rules, the duty to keep client information confidential applies to all information obtained during a client's engagement and continues after the retainer ends. That duty extends to recoverable client data on retired computers, servers, and drives, which is why certified data destruction is needed before disposal.
No. Deleting files or reformatting a drive only marks the space as reusable; the data remains recoverable until it is overwritten. To reliably remove client data, the storage must be sanitised to a recognised standard such as NIST 800-88 or physically destroyed. ITC provides both, with a serialised certificate for each device.
A serialised Certificate of Destruction listing each device and its destruction method, and a Certificate of Recycling for the downstream material recovery. For a firm, these are the evidence that client information was handled correctly if the question is ever raised by a client, regulator, or insurer.
Yes. ITC manages everything from a few machines to a complete office decommission, merger, or closure as a single documented project, with a full device inventory and certificates throughout. This is often when confidentiality risk is highest, because years of files across many devices are disposed of at once.
Yes. For the most sensitive material, on-site data destruction is available so that media is destroyed at your premises and does not leave the office intact. Otherwise, collection runs under a documented chain of custody to our facility.
Yes. ITC holds ISO/IEC 27001:2022, ISO 14001:2015, ISO 9001:2015, and ISO 45001:2018 certification, destroys data to the NIST 800-88 standard with Blancco, and recycles e-waste in line with the AS/NZS 5377 standard.
ITC provides certified, fully documented IT asset disposal and data destruction for Sydney law firms, with serialised certificates at every stage.
