Throwing out old IT might mean giving valuable data away, says Edward Wilding. Make sure you leave nothing to find
Computers and data storage media require secure disposal. The inadvertent disclosure of confidential information is embarrassing, undermines client confidence and, in many jurisdictions, is unlawful; in the EU, for example, the disclosure of personal and financial information is an offence under data protection laws.
The failure to destroy data prior to the disposal of computers has, on occasions, led to severe embarrassment. In February 2000, an obsolete computer sold by a bank contained 108 files relating to Sir Paul McCartney's private cash dealings. The PC was released for second-hand sale without first being wiped securely of financial data.
Another incident occurred in October 2005, when classified cruise missile data and control software ended up in a second-hand shop after a naval officer confessed to selling, for cash, three laptops that contained files marked 'Top Secret - for UK/USA eyes only'. More recently, second-hand computers released to Nigeria under an aid scheme were found to contain sensitive client banking information.
It is not sufficient to delete files on computers - the data remains in situ and may be restored using forensic software. Information is recovered every day from hard disks that have been subjected to concerted attempts at data elimination.
The recommended procedure for wiping data from hard disks, diskettes and magnetic computer media is to purge it using secure erasure software. Deleted files on removable media such as USB memory sticks may also be erased securely this way. Positive erasure options vary, from a quick, single-pass sanitisation method that overwrites all data on the disk with zeros to an ultra-secure sanitisation that overwrites the data a total of 35 times. For all practical purposes, a single overwrite of the data is sufficient to confound data recovery efforts.
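An added example, not from the original article: the single-pass zero overwrite described above, followed by a read-back check that confirms nothing survived. It runs against a constructed image file standing in for a disk; the function names and the sample record are assumptions made for illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write and verify in 1 MiB blocks


def wipe_single_pass(path: str) -> int:
    """Overwrite every byte of `path` in place with zeros; return bytes written."""
    size = os.path.getsize(path)
    zeros = bytes(CHUNK)
    with open(path, "r+b") as fh:      # r+b: overwrite in place, no truncation
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            fh.write(zeros[:n])
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())          # force the zeros out of the OS cache
    return size


def first_nonzero_offset(path: str) -> int:
    """Read the target back; return offset of the first surviving byte, or -1."""
    offset = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            stripped = chunk.lstrip(b"\x00")
            if stripped:
                return offset + len(chunk) - len(stripped)
            offset += len(chunk)
    return -1


def make_sample_image(size: int = 3 * CHUNK + 123) -> str:
    """Constructed stand-in for a disk: zero filler plus one recognisable record."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as fh:
        fh.write(bytes(size))
        fh.seek(2 * CHUNK + 5)
        fh.write(b"ACCOUNT 00000000 (constructed sample)")
    return path


if __name__ == "__main__":
    img = make_sample_image()
    print("before wipe, first data at offset:", first_nonzero_offset(img))
    print("bytes overwritten:", wipe_single_pass(img))
    print("after wipe, first data at offset:", first_nonzero_offset(img))
    os.remove(img)
```

The read-back pass is what turns an overwrite into evidence: a result of -1 after the wipe means no byte of the original content remains in the image.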
Non-magnetic media, such as CD-ROMs, DVDs and optical disks that cannot be overwritten, require physical destruction. A number of commercially available shredders can destroy CDs, DVDs, credit cards, Zip disks, 4mm DAT backup tapes and even LS 120 superdisks.
It is also necessary to secure information on any computer or device sent for service, repair, maintenance or upgrade to ensure information is not divulged. Strong disk encryption provides a profound defence against information leaks. Another, simpler option is to remove the hard disk of any computer prior to its despatch, if possible.
Edward Wilding is co-director of Data Genetics International and author of Information Risk and Security