Some 30 percent of businesses in the UK leave data, some of it sensitive, on their PCs when they dispose of them, according to research findings released this week by computer maker Lenovo.
In the survey of 300 businesses commissioned by the UK-Ireland arm of the company, 29 percent of IT managers in large companies with 1,000 or more employees and 30 percent of them in mid-sized ones with 250 to 999 workers revealed that they had possibly, probably or definitely left data on PCs when they disposed of them.
“It is essential for organizations to consider secure data disposal when refreshing end-of-life computers in order to avoid becoming susceptible to potentially immeasurable business risk,” Chris Wells, Lenovo’s vice president for the UK and Ireland, said.
Lenovo’s findings are slightly higher than those released in a BT study last year. That research, which analyzed 317 secondhand hard drives purchased in the UK, Australia, Germany and the United States, found that 23 percent of the drives that originated with businesses contained enough information to identify those businesses and that 5 percent had sensitive information on them.
Just days after the release of the BT study, the BBC reported that bank account details for thousands of Her Majesty’s subjects were being sold for less than Pounds 20 (US$40) a pop by Nigerians who had scrounged the info from recycled UK PCs sent to Africa.
Leaving data on a PC when disposing of it is not necessarily a bad thing, however, if a computer is headed to a recycler that’s trusted by a business. That’s because the recycler will erase a PC’s hard drive or, better yet, crush it before it moves on to its next destination.
Hole in Hard Drive
“All of the assets that we receive that have resale value, will go through a data wipe,” Joe Strathmann, worldwide asset recovery services senior manager for Dell in Round Rock, Texas, told the E-Commerce Times.
“Systems that don’t have any remarketing value will have a hole punched in their hard drives or be completely shredded,” he added.
By customer request, Dell will do an on-site data wipe of hard drives before they reach one of the company’s environmental recycling partners, he noted.
“Even when we do the on-site data wipe, we still do the data wipe at the environmental partners as an added precaution,” he noted.
In addition, those partners are monitored by outside auditors to ensure compliance with Dell’s data destruction requirements.
Concern over leaving sensitive data on PCs when they’re disposed of, Strathmann said, “is the number one reason in the U.S. that customers choose to use a third-party provider like Dell to handle the disposal of their assets.”
Enlisting a professional computer trashman, though, isn’t a guarantee of secure PC disposal, asserted Kory Bostwick, the principal in PC Disposal, a computer recycler in Olathe, Kan.
“There are a few legitimate companies out there doing what we do,” he told the E-Commerce Times. “There are a lot of fly-by-night guys that don’t.”
One of PC Disposal’s selling points is that its work is insured.
“It order to get insurance, you have to meet certain requirements from the insurance company for processes and controls,” he explained.
“Typically the guy out there that’s saying he’s doing this stuff for free doesn’t carry insurance,” he added.
“Our customers enjoy the sense of comfort that comes with a certificate from us that says a computer with a particular serial number has undergone a DoD (U.S. Department of Defense) data cleansing,” he maintained.
Cleansing a hard drive is different from just reformatting it, explained Erik Bisiar, president of Recycle Techs in Spokane, Wash.
“If you do a format on a hard drive,” he told the E-Commerce Times, “that’s not wiping it. That’s still 100 percent recoverable.”
Wiping a drive involves rewriting its surface with dummy data — usually just zeros and ones — a number of times. The highest DoD standard is seven times.
“There are lots of people who think they’re taking precautions, but they’re really not,” Bisiar said.
“I’ve seen a lot of businesses just take their stuff to the dump and not wipe the hard drives,” he added. “That can be a huge problem.”