A study by the Information Commissioner’s Office (ICO) reveals that 10% of second-hand hard drives sold online may still contain personal or corporate data.
The ICO survey also found that 65% of British adults hand over old phones, computers, and laptops to other users, some of which, like hard drives, may still contain personal information.
NCC Group, a computer forensics company secured 200 devices bought online and computer trade fairs. The company found that while 52% of hard drives were unreadable or had been wiped of all data, 48% of them contained information with 11% being private data.
Around 34,000 files containing personal or corporate data were recovered from the devices. Two of the devices studied contained enough information for identity theft, while several others contained employee health and financial information from organisations.
"We live in a world where personal and company information is a highly valuable commodity," said Information Commissioner, Christopher Graham. "It is important that people do everything they can to stop their details from falling into the wrong hands. Today’s findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices."
Graham says that many people are misinformed when it comes to properly erasing their personal data off devices.
"Many people will presume that pressing the delete button on a computer file means that it is gone forever," he said. "However, this information can easily be recovered."
The research also revealed that one in ten people that have disposed of their computer, laptop or mobile phone, say they have never deleted their personal information off the device before selling or throwing it away.
The ICO research further signifies the need for people to educate themselves about proper data protection.
"ICO indicates that many users now sell their old devices, a trend that is particularly common amongst 18-24 year olds," said Ollie hart, head of UK public sector at Sophos. "With this in mind, it’s critical that education starts at a young age and everyone understands the impact of the data they have."
The ‘Bring Your Own Device’ trend within companies also has significant security risks as important corporate data may be put on personal devices.
"As the boundaries blur, there is a rising risk of corporate data ending up on personal devices," said Hart." The more devices we use, meanwhile, the harder it is to keep track of what data we’re storing where.
"It’s disappointing to see yet another example of organisations either not caring, or not understanding their obligations. Ultimately, it is the responsibility of organisations to ensure that the data they are entrusted with is stored responsibly, whether that be centrally or locally. "
The Information Commissioner’s Office lists some ways to properly delete data:
- Physical destruction
- Restore to factoring settings
- Secure deletion software
- Send to a specialist
Please follow this author on Twitter @Tineka_S or comment below.