Firms don’t know how to delete data

20 Jan 2009

Irish organisations must implement robust data-deletion practices if they are to fully protect themselves from security breaches, according to Kroll Ontrack Ireland.

The data-recovery specialist revealed that only 3pc of the total demand for its software in 2008 came from the need to permanently delete data, compared with over 90pc for data-recovery software.

This suggests organisations are placing low emphasis on protecting end-of-life or deleted data, and are unaware that deleting a file does not permanently remove the information from the drive or device.

Second-hand laptops, PCs and mobile storage devices are regularly being sold on eBay, as companies try to recoup money spent on new equipment. Furthermore, the mountain of technology that must be disposed of continues to rise as companies upgrade and replace equipment that is broken or out of date.

To minimise the risk of sensitive data falling into the wrong hands, Kroll Ontrack is urging companies to take proactive steps to permanently delete data from hardware once it is no longer in use, or risk legal consequences and damage to reputation.  

In response to its findings, Kroll Ontrack has compiled a three-step plan to help companies protect data throughout its lifecycle:

* Increase awareness – Ensure the workforce understands that ‘delete’ does not necessarily mean deleted, and they are aware of the implications if data is not securely erased

* Update your practices – Implement a data deletion procedure as part of a wider business continuity strategy to ensure correct disposal of end-of-life information

* Deletion method and software must meet standards – Using methods and software that meets industry standards, such as  the Department of Defence, will ensure data is deleted from devices and drives, whether they are functioning, broken or no longer in use.

“More and more companies are taking an ethical and admirable approach to recycling computer equipment. However, many don’t ensure that they permanently erase confidential information that resides on the hard drive,” commented Ciaran Farrell, business development manager, Kroll Ontrack Ireland.

“We’ve all heard embarrassing stories of information being retrieved from laptops abandoned in skips or bought on eBay. Data is growing at an exponential rate and organisations must ensure they are managing it correctly at every stage of its lifecycle, including when it’s ‘dead’,” he added.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com