Improper Data Erasure Can Pose Serious Business Risks PDF Print E-mail
User Rating: / 0

A corporation would never consider operating without property and casualty insurance. The financial, legal and public relations-related risks are simply too great. But every day, businesses operate without effective data leak prevention strategies.

What’s the risk? Consider this scenario reported in major tech-industry publication:-

An Idaho Power Company found itself in an uncomfortable situation as it attempted to track down several unscrubbed disk drives that had been sold on eBay. The drives contained employee information, correspondence with customers and memos that discussed proprietary company information. The company said it hired an outside contractor to recycle about 230 SCSI drives. The contractor had sold 84 or those drives to 12 different parties using the online auction website”

Unfortunately, these kinds of situations are becoming commonplace. As rapidly-evolving technological innovation has caused the acceleration of IT hardware obsolescence, the secondary market for PC, server, and storage is becoming a haven for information thieves who seek to retrieve and exploit business and personal data from improperly erased hard drives.

Conventional attempts to erase business data on the millions of computer hard drives discarded by companies each year often fail, leaving data to be resuscitated by unscrupulous individuals. And, many third party vendors who claim to wipe hard drives before disposing of them don’t do a thorough job of completely removing the data.

Despite this, a 2005 IDC study suggest that only 37% of commercial entities have a formal PC recycling and end-of-life asset policy in place. In addition, for enterprise with operational data centers, managing these processes for IT equipment such as servers and storage arrays is even more demanding.

The report also indicated that similar percentages apply to data destruction.

Beyond the inconvenience and embarrassment of proprietary data getting into the wrong hands, there are many more serious repercussions of failing to effectively erase business data prior to sale or disposal. Organizations can be exposed to a variety of quite damaging legal, financial, and public relations-risks including identity/privacy litigation, violations of federal regulations, environmental damage, infringement of intellectual property rights, disclosure of business strategies, breach of software licensing agreements (license harvesting) and negative publicity.

It is, therefore, a critical responsibility of every CIO and IT Director to develop, document, communicate, and implement formal processes that ensure that all sensitivity business data is effectively erased from all storage media prior to its disposal.




Did You Know

arrow Identity theft is the top consumer complaint in the USA according to the Federal Trade Commission.

arrow US consumers reported fraud loss totalling more than $1.1 billion in 2006.

arrow Credit card fraud (25%) was the most common form of reported identity theft in the US in 2006.

arrow More than 100 000 people are affected by identity theft each year in the UK

arrow According to Privacy Rights Clearinghouse, more than 350 data loss incidents involving more than 140 million records have occurred since February 2005

arrow Organisations are obliged by law to take take adequate steps to ensure the proper disposal of data



Now: 2018-12-13 08:36

Who's Online

We have 7 guests online
You are here  :