The company I work for has started handling what my boss considered "confidential and sensitive" material. Needless to say, it's not as sensitive as he makes it out to be. Nonetheless, a security expert / friend of my boss told him he needs to perform daily back-ups of the files on the server (which I agree with and have been doing).
My boss explains that he doesn't want to use the cloud because he doesn't believe his information will be secure from prying eyes and the security expert recommended that we save locally to portable hard drives BUT every month we destroy the hard drives and replace them with new drives.
His reasoning was to ensure the information was secure (locally), and to keep the back ups safe from dormant viruses.
Literally throwing away hard drives every month seems a bit extreme. My thought was to buy w or 3 sets of drives, performing multiple wipes and partitioning before putting the drives back into rotation.
In short, I wanted to know if trashing drives every month or so was truly necessary as opposed to being a potential waste of money.
Full summary of backing up is as such: Server is set up in a RAID array, select space of the server storing a simple back up, one external hard drive performing a back up at noon (auto dis/connects), one external hard drive performing a back up at midnight (auto dis/connects), computer at another office performing a single daily back up (connection is ONLY established during back-ups).