Deleted Data Files Aren’t…

Deleted files on retired hard drives might be a law suit waiting to happen.  Deleting a file from a disk isn’t enough to wipe the actual information.  In Windows, deleting a file simply tells the operating system it can reallocate the space the file currently occupies.  The file no longer shows up in a folder listing, but the data is still there.  The only way to be sure the information is actually gone is to overwrite all writable areas of the disk.

Organizations that dispose of old PCs or servers without taking special precautions to ensure sensitive information is actually removed from storage are failing to safeguard data that might be covered by regulations like HIPAA, or might reveal enough information about employees and customers to enable identity theft.  There are many utilities available to help with this challenge.  SDelete from Sysinternals, available at the link in Resources below, is a free program you can use to remove the data from one or all files on a disk.

But improper disposition of PCs and servers isn’t the only problem facing many companies.  PDAs and smartphones also present a risk.  Although these devices might store sensitive company information, they are often reassigned or turned in to the wireless vendor without first wiping their storage.

Every organization must have policies and processes in place to ensure the proper handling and disposal of data in its care.  A company that collects consumer and employee information has an obligation to protect it until the data is properly destroyed. 

Author:  Tom Olzak 

Sources:

Don’t leave information on old hard drives

The hidden threat: Residual data security risks of PDAs and smartphones

Resource:

Sysinternals SDelete Data Erase Program – Free Tool

Your email:  
subscribe unsubscribe  

Leave a Reply

You must be logged in to post a comment.