Wednesday, May 30, 2007

Sensitive data at Goodwill? Wipe that drive!

A recent story on KXL.com caught my eye today, one that has sadly become all-too frequent: a laptop with sensitive data is in public hands.

This latest episode of an ongoing saga involves a portable computer purchased for eight dollars from a Goodwill store in Portland, Oregon. The buyer got more than their eight bucks worth when they found a spreadsheet with medical records on the used laptop. According to the report, Goodwill generally erase hard drives before reselling computers. Apparently this one fell through the cracks.

So how can you protect yourself and your data when you pass along your computer for recycling or reuse? What should you do to keep your sensitive history from the bad guys?

Wipe that drive!

And of course (or I likely wouldn't have much to blog about ;-) ), it's easier than it sounds. Sorry folks! Simply erasing or formatting your hard drive isn't quite enough. When a hard disk drive is formatted, sure it makes the drive available for re-use and shows no files found, but a clever hacker or curious computer buyer can often dig up the digital remains.

To protect yourself, and be confident the data is gone, gone I recommend the following steps:
  • Use a wipe utility that destroys the data completely -- formatting isn't enough as your files may still be hidden beneath the curtain.
  • Remove the hard drive -- take the drive out and toss it in a shoebox, recycle it seperately, or: destroy it physically (also great agression-reduction therapy!)
  • Send your computer to a computer recycle shop -- many of the specialists have policies and standards to wipe hard drives... ask when you drop off your old computer.
  • A business subject to Sarbanes-Oxley controls should ensure their IT department is following appropriate handling of used hard drives.


My favorite computer recycling facility is Free Geek and they have the type of policy you should look for to ensure your hard drive is properly wiped:
At FREE GEEK, we will never boot from a hard drive before it has been wiped of data. Hard drives we are going to keep first have their partition table removed, and then are overwritten five times in the process of testing. If we are not going to reuse a hard drive, it is physically destroyed in our facility before we send it to a responsible e-waste recycler. We do not give or sell hard drives to places that do not have a similar policy. Data on donated hard drives is safe.

(freegeek.org)


I've talked about computer recycling (and Free Geek) on Portland's Morning News before, in case you missed it -- I've got an archive from my hard drive here: kxl_techexpert-recyclepc_20060724.mp3

Finally, if you're looking for tools to wipe a drive, here are a few that do the trick (Please use these tools CAREFULLY -- especially around drives with data you intend to keep, I can't be responsible for their use or misuse):

No comments: