Your organization's IT staff spends considerable time and resources protecting your data while your computers are in active service, but is your data protected as carefully once your computers reach their end-of-life and are out of your control? Most companies focus on the dangers posed by hackers and other types of intruders, when in many cases an even bigger threat is the loss of data that remains on hard drives when a computer is taken out of service. It only takes one improperly recycled hard drive for an organization to lose valuable customer information, such as credit card information or sensitive trade secrets. Your organization can be held responsible if private data ends up in the wrong hands. Some of the laws and regulations that apply to this data include:
▲ HIPAA - Regulates the use of personal medical data.
▲ Gramm-Leach-Bliley Act - Governs use of financial information.
▲ Sarbanes-Oxley Act - Requires public companies to establish key internal controls to improve confidentiality of financial data.
▲ The Patriot Act - Access to data by law enforcement.
▲ Identity Theft and Assumption Deterrence Act - Makes the theft of personal information with the intent to commit an unlawful act a federal crime.
So what do you do to prevent data on discarded computers from falling into the wrong hands? One option is to make sure the data is deleted before leaving your control. This can be done several different ways, most of them not very effective. Your options include:
The most common method is to use the operating system file delete command. This is what most users do when they want to delete data from their computer. In Microsoft Windows, deleting a file simply moves the file to the Recycle Bin, from which it can easily be retrieved. Deleting the file from the Recycle Bin removes the file from the system file list (in Windows the file allocation table), but does not delete the actual file on the hard drive. Until the data is eventually overwritten by new data, it can still be reconstructed, as in Figure 9-13.
File Allocation Table
Was this article helpful?