Study Finds Devices Are Not Wiped Properly
People hang on to old electronics for privacy reasons and fear of data theft in case their devices are not wiped properly. To prevent anyone from accessing your data in future, you have to make sure it is permanently deleted. As an average person, you might not know how to erase all data on your hard drive or determine if all personal data has been cleaned out from a cell phone.
Before recycling old electronic devices such as smartphones or tablets, you need to hire a data destruction company to wipe out the drive and ensure there is no trace of identifiable information. Smartphones and electronic gadgets have backup storage which could hold sensitive information in the background. The gadgets can be disposed of, but are you confident that your personal information can’t be compromised?
In the first quarter of this year, The National Association for Information Destruction (NAID) conducted a study which revealed 40% of the devices the group bought on recycled markets had PII on them. PII recovered included credit card information, tax details, contact information, usernames and passwords, company, and personal data. NAID is an international watchdog trade and non-profit trade association for the secure destruction industry.
The Association used CPR Tools data recovery services, specifically commercially available tools, to perform basic data forensic transfer from working storage devices. The devices inspected act as a representative view of what electronic users own and dispose of.
According to CPR Tools CEO John Benkert, there is a likelihood of unauthorized or unintended access to data storage in every aspect of technology. He says that auction, resell and recycling sites have created a revenue stream in used devices but the real value is in the data that the public unintentionally leaves in the gadgets.
The law requires organizations to destroy information on recycled devices. Failure to stop undestroyed information from passing to unauthorized persons is violating the law. To protect personal data from being compromised, NAID requires that recycled IT equipment goes to a qualified service provider, whose focus is secure data destruction. The data company should obtain legally binding assurance that the recycling is accepting responsibility.