Tuesday, 27 October 2015 00:00

Secure Data Destruction: Why It Matters

Rate this item
(0 votes)

It can be hard to comprehend the scale of the average company’s data footprint. Not only do firms today have local hard drives and tape backups to contend with, but also mobile devices, memory cards and even virtual environments provided through the cloud. Every bit of that data needs to be managed securely and compliantly – not just in storage and transit, but also at the end of its lifecycle.

Everyone ought to understand the importance of erasing data. If you’re selling a smartphone on eBay, the chances are you’ll want to make sure the buyer, regardless of intent, can’t dig up your old photographs and text messages. Similarly, most companies have legal obligations to destroy any sensitive information they’re no longer using.

Nonetheless, some consumers and businesses exhibit a surprising degree of negligence in this respect. According to a 2012 study from the Information Commissioner’s Office (ICO), the UK regulator responsible for enforcing the Data Protection Act, as many as one in ten second-hand hard drives sold online contain personal information. In the same year, the ICO fined one NHS trust £325,000 for selling old hardware on eBay that still held confidential records on thousands of patients and staff members.

Note that when the Data Protection Act is swapped for the more stringent EU General Data Protection Regulation next year, fines for equivalent acts of non-compliance will skyrocket – the new rules stipulate penalties of up to five per cent of a company’s annual turnover, or €100,000,000 (£80,000,000).

What makes data destruction secure?

As the above cautionary tale demonstrates, not taking pains to permanently erase data can lead to catastrophe. In an age of increasingly smart, interconnected technology, it bears remembering that every byte of electronic information exists in physical form – no matter what it looks like on screen, there’s a hard drive platter or memory chip somewhere that’s ripe for the taking.

So, businesses – and privacy-conscious consumers – need to keep track of data assets that have come to the end of their lifecycle, and then destroy them at their origin. This might not sound like too complex a job – even someone with rudimentary knowledge of technology might be familiar, in theory if not in practice, with concepts like a disk format or factory reset. Failing that, it might still occur to them to toss an old laptop into a skip rather than risk its unauthorised reuse.

Unfortunately, secure data destruction isn’t actually that simple. None of the above methods guarantee that the information stored on those devices won’t be recoverable – in fact, it might take little more than a few minutes with a free software package to retrieve it.

What’s wrong with a hard drive format?

To elaborate, take the example of the disk format. The common assumption is that this wipes the medium outright, but that’s not actually true – most of the time, a format leaves almost all of the data intact. Its purpose is to strip out the existing file system – if any – and generate a new one, not to securely and permanently erase sensitive information. The operating system might not be able to read it as normal, but it’s still there.

For a simple analogy, think of a hard drive as an enormous library in which books represent individual files. A quick format is the equivalent of throwing away the catalogue – it might be difficult to navigate the library without it, yes, but the books are very much still in existence. As for recovering this information, it requires little to no technical knowledge.

What about a factory reset on a mobile device?

Although the process might seem different, carrying out a factory reset on a smartphone or other device with flash memory is identical to a conventional disk format – the contents of the chip stay right where they are, invisible to the operating system but recoverable nonetheless.

This was demonstrated in a somewhat disturbing study from Avast in 2014. The company bought 20 second-hand, factory-reset Android smartphones from eBay and, using off-the-shelf recovery software, retrieved an astonishing amount of private data: 40,000 photos, 750 emails and text messages, and 250 contact names and addresses, all told. As the use of mobile devices grows more prevalent in the world of business, it’s evident that companies need to extend their secure data destruction practices beyond traditional hard drives and tape archives.

Why not physically destroy the hardware?

Even literally destroying hardware is no guarantee that the data contained therein will be unrecoverable. An intact hard drive is easy to transplant from one machine to another, for example, while even a shattered one can be reassembled and transcribed with enough effort. With flash memory, things are a little different – the data is permanently erased if the memory chip is destroyed, but in any other scenario, it can still be recovered. Busted controller chip? No problem – the memory itself can be moved into another unit.

Ergo, although it comes across as a last-ditch, fail-safe method, even taking a hammer to hard drives won’t necessarily render sensitive information irretrievable. There’s a need, for reasons of legality as well as privacy and security, for even securer techniques for the destruction of end-of-life data.

Reference : http://blog.krollontrack.co.uk/concepts-explained/secure-data-destruction-matters/

Last modified on Tuesday, 27 October 2015 10:05
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).

43 comments

  • Comment Link Nannette Wednesday, 07 March 2018 10:48 posted by Nannette

    First of all I want to say awesome blog! I had
    a quick question that I'd like to ask if you do not mind.
    I was interested to find out how you center
    yourself and clear your mind before writing. I have had
    difficulty clearing my mind in getting my ideas out there.
    I do enjoy writing however it just seems like the first 10 to 15
    minutes are wasted simply just trying to figure out how to begin. Any
    recommendations or tips? Many thanks!

  • Comment Link Brenna Saturday, 24 February 2018 08:02 posted by Brenna

    The other sort of base is the coarse asphalt base.

  • Comment Link Florida Friday, 23 February 2018 16:06 posted by Florida

    Normally Towing services are at all times in need.

  • Comment Link Victoria Thursday, 22 February 2018 23:49 posted by Victoria

    But different tree services could cost additional.

  • Comment Link Alberta Thursday, 08 February 2018 00:53 posted by Alberta

    Study more about our Cincinnati Limousine Firm.

  • Comment Link Judi Wednesday, 31 January 2018 22:09 posted by Judi

    I believe this is among the most vital info for me. And i am glad reading
    your article. But want to commentary on some general things, The website style is great, the articles is in reality excellent : D.
    Just right process, cheers

  • Comment Link Jason Tuesday, 23 January 2018 22:05 posted by Jason

    This is really interesting, You're a very skilled blogger.
    I have joined your rss feed and look forward to seeking
    more of your great post. Also, I've shared your web site in my social networks!

  • Comment Link Vivian Sunday, 14 January 2018 08:13 posted by Vivian

    whoah this weblog is great i like studying your articles.
    Keep up the great work! You recognize, a lot of persons are
    looking round for this info, you can help them greatly.

  • Comment Link Angelo Saturday, 13 January 2018 20:17 posted by Angelo

    You really make it appear so easy with your presentation however I find this matter to be actually something which I think I might by no means understand.
    It kind of feels too complicated and extremely broad for
    me. I'm having a look forward for your next post, I'll
    try to get the hold of it!

  • Comment Link Ara Wednesday, 22 November 2017 03:59 posted by Ara

    I loved as much as you will receive carried out right here.
    The sketch is tasteful, your authored subject matter stylish.

    nonetheless, you command get bought an nervousness over that you wish be delivering the following.
    unwell unquestionably come more formerly again as exactly the same nearly a lot often inside case you shield this hike.

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.