Confidential data on hard drives turning up

Techworld.com - Hard drives full of confidential data are still turning up on the second-hand market, researchers have reported.

Investigations carried out for the BT Group by the University of Glamorgan in the U.K., Edith Cowan University in Australia and Longwood University in the U.S. found that 37% of drives surveyed had traces of personal data on them.

Damningly, this figure is much the same as it was for the same surveys undertaken by the universities for the last two years, suggesting that either companies are ignoring the issue or simply lack the tools to adequately wipe data before resale.

Sensitive information retrieved included salary details, financial data of specific companies, credit card numbers, medical data, visa applications, details of online purchases and inevitably, online pornography. The sample totaled 350 hard drives acquired in online auctions.

"Given the level of exposure that the subjects of security and identity theft has received in recent times, and the availability of suitable tools to ensure the safe disposal of information, it is difficult to understand why disks are still not being effectively cleaned before they are disposed off," said Andy Jones, BT's security research head.

"When organizations dispose of surplus and obsolete computers and hard disks, they must ensure that adequate procedures are in place to destroy any data and also check that the procedures that are in place are effective -- whether they are handled by internal resources or through a third-party contractor," he said.

The full report -- which has yet to be made available to the public -- reveals that buying second-hand disks is an unreliable way to get hold of storage. Of the 133 disks bought in the U.K., 44% of them didn't even work. But of those that did, 19% had enough information on them to identify the organization from which they had come, 65% had enough data to identify named people and 17% contained "illicit" data.