Ongoing research to be published in the International Journal of Liability and Scientific Enquiry suggests that there is a huge amount of sensitive data still on redundant computer hard disks.
These devices are often disposed of or sold into the second-hand market by corporations, organizations, and individuals with the data intact.
The authors of the report say that this data represents a significant level of risk for commercial sabotage, identity theft, and even political compromise, and suggest that better education is essential to reduce the risk of harm.
It is not well known among computer users that deleting a file from the hard disk does not actually remove it from the computer; it only deletes the file's entry in the index for the hard drive. Removing all traces of a file requires the actual data to be wiped using "digital shredding" software. Such software is readily available and should be run as a high priority by individuals, companies and organizations intending to pass on their legacy computer hardware to third parties.
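A simplified model of the difference between deleting and wiping, added here as an illustration and not taken from the study: `ToyDisk`, its index and its 16-byte blocks are hypothetical stand-ins for a real file system and drive, and the file contents are constructed sample data.

```python
# Simplified model of a disk (added example; not a real file system):
# a raw byte array of fixed-size blocks plus an index mapping names to blocks.
BLOCK = 16

class ToyDisk:
    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)   # raw storage, initially all zero
        self.index = {}                        # file name -> list of block numbers
        self.free = list(range(blocks))

    def write(self, name, data):
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        used = [self.free.pop(0) for _ in chunks]
        for blk, chunk in zip(used, chunks):
            self.raw[blk * BLOCK: blk * BLOCK + len(chunk)] = chunk
        self.index[name] = used

    def delete(self, name):
        # Ordinary delete: drop the index entry and free the blocks; the bytes stay.
        self.free.extend(self.index.pop(name))

    def shred(self, name):
        # "Digital shredding": overwrite every block the file used, then delete.
        for blk in self.index[name]:
            self.raw[blk * BLOCK:(blk + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

    def residual(self):
        # Pre-disposal check: non-zero bytes in blocks no index entry refers to.
        allocated = {b for blks in self.index.values() for b in blks}
        return {b: bytes(self.raw[b * BLOCK:(b + 1) * BLOCK])
                for b in range(len(self.raw) // BLOCK)
                if b not in allocated and any(self.raw[b * BLOCK:(b + 1) * BLOCK])}

def demo():
    secret = b"payroll: acct 00-CONSTRUCTED"   # constructed sample data
    d1, d2 = ToyDisk(), ToyDisk()
    d1.write("payroll.txt", secret); d1.delete("payroll.txt")
    d2.write("payroll.txt", secret); d2.shred("payroll.txt")
    return d1, d2, secret

if __name__ == "__main__":
    d1, d2, secret = demo()
    print("after delete:", secret in bytes(d1.raw), d1.residual())
    print("after shred: ", secret in bytes(d2.raw), d2.residual())
```

After `delete` the file is gone from the index but its bytes are still readable from the raw storage; after `shred` the same scan finds nothing.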
Andrew Jones, Head of Information Security Research at British Telecommunications in Martlesham Heath, UK, working with Glenn Dardick of Longwood University in Farmville, Virginia, and colleagues Craig Valli of Edith Cowan University, Western Australia, and Iain Sutherland of the University of Glamorgan, UK, analyzed data that remained on a number of second-hand hard disks obtained on second-hand markets.
"The research revealed that a significant proportion of the disks that were examined still contained considerable amounts of information, much of which would have been of a sensitive nature to the organization or individual that had previously owned the disk," the researchers explain.
The team adds that the percentage of disks that had been effectively wiped had fallen significantly, from 45% to 33%, since the previous year's survey. "With only 33% of working second-hand disks having been effectively wiped, it is reasonable to comment that this is an area where there is significant potential for improvement," they say.
They make several recommendations for improved data security with regard to hard disks and other storage media, including memory cards, mobile phones, and other devices. They also suggest that public awareness campaigns by government, the media, commerce and/or academia ought to be run to help reduce the risk of sensitive data entering the information black market.
The 2007 study is being made available in its entirety through the International Journal of Liability and Scientific Enquiry. The team is now completing the 2008 analysis and will announce those results shortly as well. However, the initial results for the 2008 study show that there is still a long way to go regarding the decommissioning of computer hard disk drives. The team expects that the complete 2008 study will be made available for publication by the end of the year.