It can be hard to comprehend the scale of the average company’s data footprint. Not only do firms today have local hard drives and tape backups to contend with, but also mobile devices, memory cards and even virtual environments provided through the cloud. Every bit of that data needs to be managed securely and compliantly – not just in storage and transit, but also at the end of its lifecycle.
Everyone ought to understand the importance of erasing data. If you’re selling a smartphone on eBay, the chances are you’ll want to make sure the buyer, regardless of intent, can’t dig up your old photographs and text messages. Similarly, most companies have legal obligations to destroy any sensitive information they’re no longer using.
Nonetheless, some consumers and businesses exhibit a surprising degree of negligence in this respect. According to a 2012 study from the Information Commissioner’s Office (ICO), the UK regulator responsible for enforcing the Data Protection Act, as many as one in ten second-hand hard drives sold online contain personal information. In the same year, the ICO fined one NHS trust £325,000 for selling old hardware on eBay that still held confidential records on thousands of patients and staff members.
Note that when the Data Protection Act 1998 gives way to the more stringent EU General Data Protection Regulation next year, fines for equivalent acts of non-compliance will rise sharply – the new rules allow penalties of up to four per cent of a company’s annual worldwide turnover or €20,000,000, whichever is higher.
What makes data destruction secure?
As the above cautionary tale demonstrates, not taking pains to permanently erase data can lead to catastrophe. In an age of increasingly smart, interconnected technology, it bears remembering that every byte of electronic information exists in physical form – no matter what it looks like on screen, there’s a hard drive platter or memory chip somewhere that’s ripe for the taking.
So, businesses – and privacy-conscious consumers – need to keep track of data assets that have come to the end of their lifecycle, and then destroy the data on the medium that actually holds it. This might not sound like too complex a job – even someone with rudimentary knowledge of technology might be familiar, in theory if not in practice, with concepts like a disk format or factory reset. Failing that, it might still occur to them to toss an old laptop into a skip rather than risk its unauthorised reuse.
Unfortunately, secure data destruction isn’t actually that simple. None of the above methods guarantee that the information stored on those devices won’t be recoverable – in fact, it might take little more than a few minutes with a free software package to retrieve it.
What’s wrong with a hard drive format?
To elaborate, take the example of the disk format. The common assumption is that this wipes the medium outright, but that’s not actually true – a quick format, the default in most operating systems, leaves almost all of the data intact. Its purpose is to strip out the existing file system – if any – and generate a new one, not to securely and permanently erase sensitive information. The operating system might not be able to read the old files as normal, but they’re still there. Some systems offer a “full” format that zero-fills the volume, which is better, but on a solid-state drive even that can leave copies in spare blocks that the drive’s controller hides from the host.
For a simple analogy, think of a hard drive as an enormous library in which books represent individual files. A quick format is the equivalent of throwing away the catalogue – it might be difficult to navigate the library without it, yes, but the books are very much still in existence. As for recovering this information, it requires little to no technical knowledge – recovery tools such as Ontrack EasyRecovery, or the free PhotoRec, simply ignore the missing catalogue and scan the disk for the tell-tale headers of photographs, documents and other file types, “carving” each file back out of the raw sectors.
What about a factory reset on a mobile device?
Although the process might seem different, carrying out a factory reset on an unencrypted smartphone or other device with flash memory amounts to the same thing as a quick format – the contents of the chip stay right where they are, invisible to the operating system but recoverable nonetheless. Devices that encrypt their storage by default (iOS, and Android from version 6.0 on most hardware) do better, because a reset discards the encryption key and leaves only ciphertext behind, but plenty of older and unencrypted handsets are still in circulation and still being sold on.
This was demonstrated in a somewhat disturbing study from Avast in 2014. The company bought 20 second-hand, factory-reset Android smartphones from eBay and, using off-the-shelf recovery software, retrieved an astonishing amount of private data: 40,000 photos, 750 emails and text messages, and 250 contact names and addresses, all told. As the use of mobile devices grows more prevalent in the world of business, it’s evident that companies need to extend their secure data destruction practices beyond traditional hard drives and tape archives.
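The following toy disk image, an added illustration that is not part of the original article, makes the “discarded catalogue” point concrete for both the quick-format and the unencrypted factory-reset cases above. The image layout (a small catalogue region followed by a data region), the sample “files” (a few bytes wrapped in the real JPEG and PNG magic numbers) and the function names are all constructed for the example; the carving loop is the same signature-scanning technique recovery tools use.

```python
"""Why a quick format or unencrypted factory reset does not erase data.

The 'disk' is a bytearray: a catalogue region (like a FAT directory or
a flash file-system index) followed by a data region.  quick_format()
clears only the catalogue; the file contents remain and carve() finds
them again by scanning for known file signatures.  overwrite() shows
what a genuine wipe has to do instead.
"""
import struct

SECTOR = 512
CATALOGUE_SECTORS = 4                      # assumption: 4-sector catalogue
DATA_START = CATALOGUE_SECTORS * SECTOR
ENTRY = struct.Struct("<16sII")            # name, start offset, length
MAX_ENTRIES = DATA_START // ENTRY.size

# Header and trailer bytes that carving tools look for (real magic numbers)
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def new_image(sectors=64):
    """An empty disk image: catalogue plus data region, all zero."""
    return bytearray(sectors * SECTOR)


def list_files(img):
    """What the operating system sees: only what the catalogue records."""
    files = []
    for i in range(MAX_ENTRIES):
        name, start, length = ENTRY.unpack_from(img, i * ENTRY.size)
        if length:
            files.append((name.rstrip(b"\0").decode(), start, length))
    return files


def write_file(img, name, data):
    """Store data in the next free sectors and record it in the catalogue."""
    used = [s + n for _, s, n in list_files(img)]
    start = -(-max(used, default=DATA_START) // SECTOR) * SECTOR
    if start + len(data) > len(img):
        raise ValueError("image full")
    img[start:start + len(data)] = data
    for i in range(MAX_ENTRIES):
        if ENTRY.unpack_from(img, i * ENTRY.size)[2] == 0:
            ENTRY.pack_into(img, i * ENTRY.size, name.encode(), start, len(data))
            return start
    raise ValueError("catalogue full")


def quick_format(img):
    """A quick format: throw away the catalogue and touch nothing else."""
    img[:DATA_START] = bytes(DATA_START)


def overwrite(img, pattern=b"\0"):
    """A real wipe: overwrite every sector of the medium."""
    img[:] = (pattern * (len(img) // len(pattern) + 1))[:len(img)]


def carve(img):
    """Ignore the catalogue; scan the data region for file signatures."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = DATA_START
        while True:
            h = img.find(head, pos)
            if h < 0:
                break
            t = img.find(tail, h + len(head))
            if t < 0:
                break
            found.append((kind, bytes(img[h:t + len(tail)])))
            pos = t + len(tail)
    return found


def demo():
    """Write two files, quick-format, carve; then overwrite and carve again."""
    # Constructed sample files: a few bytes inside genuine JPEG/PNG framing
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF holiday photo" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR scan of passport" + b"IEND\xaeB`\x82"
    img = new_image()
    write_file(img, "IMG_0001.JPG", jpeg)
    write_file(img, "passport.png", png)
    before = [n for n, _, _ in list_files(img)]
    quick_format(img)
    after_format = [n for n, _, _ in list_files(img)]   # catalogue gone
    carved = carve(img)                                 # files still there
    overwrite(img)
    carved_after_wipe = carve(img)                      # now genuinely gone
    return {"before": before, "after_format": after_format,
            "carved": carved, "carved_after_wipe": carved_after_wipe}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running it shows the catalogue empty after the quick format while both files come straight back out of the data region; only the overwrite pass leaves the carver with nothing. On real solid-state media the overwrite step is weaker than it looks here, because the controller may keep copies in spare blocks the host cannot address, which is why the sequel’s discussion of approved methods matters.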
Why not physically destroy the hardware?
Even literally destroying hardware is no guarantee that the data contained therein will be unrecoverable. An intact hard drive is easy to transplant from one machine to another, a drive with a failed circuit board can have the board swapped for a working one, and even a drive that has been bent or cracked can have its platters read in a recovery lab with enough effort. With flash memory, things are a little different – the data is permanently gone only if the memory chips themselves are destroyed; in any other scenario, it can still be recovered. Busted controller chip? No problem – the memory chips can be desoldered and read in another unit, a routine “chip-off” technique in forensics.
Ergo, although it comes across as a last-ditch, fail-safe method, even taking a hammer to hard drives won’t necessarily render sensitive information irretrievable. There’s a need, for reasons of legality as well as privacy and security, for more secure techniques for the destruction of end-of-life data.
In our next blog, we’ll explore how this can be accomplished via three different government-approved methods, their respective advantages and disadvantages, and the tools you’ll need to securely and permanently erase data at home.