ICO warns of second-hand data leaks

April 26, 2012 // 1:08 p.m.

Tags: #dariks-boot-and-nuke #forensics #ico #information-commissioner #ncc-group #privacy #second-hand #security

The Information Commissioner's Office (ICO) has released a report urging consumers to take more care of old computing equipment, following an investigation into data on second-hand hard drives.

To analyse the risk from the sale of second-hand computing equipment, ICO drafted in computing forensic company NCC Group to buy around 200 hard drives, 20 memory sticks and 10 mobile phones from internet auction sites and computer fairs back in 2010.

Once the hardware was in NCC's sticky hands, the company ran readily-available undelete software across the devices and found that 48 per cent still contained recoverable data. In total, 11 per cent of the devices held data the company rated as 'personal.'

That personal data - amounting some 34,000 individual files - was in some cases enough, the company claimed, to enable a ne'er-do-well to steal the previous owner's identity. Documents found during the process included bank statements, scanned passport images, details of driving offences and medical information. A further four hard drives were found to contain information about employees and clients of businesses which had previously owned the hardware, including health and financial details.

'We live in a world where personal and company information is a highly valuable commodity. It is important that people do everything they can to stop their details from falling into the wrong hands,' warned information commissioner Christopher Graham of the report. 'Today's findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices.

'Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered. The ICO has published guidance to help individuals securely delete information stored on their old devices. We hope this publication will help people to take better control of their personal data.
'

The ICO's advice on securely erasing drives can be red on the official website, although we'd suggest learning to use Darik's Boot and Nuke is a better use of your time.

QUICK COMMENT

View this in the forums

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU