Dawn of the Undead Data

Computerworld - In George Romero's classic 1968 horror film, Night of the Living Dead, the deceased rose from their graves to terrorize the living. Many IT organizations now find themselves in a similar nightmare as data they thought was dead and gone has risen from the storage crypt. When hackers, competitors or governments apply the right technologies, the data you thought you had destroyed, and which has stumbled outside the corporate gates on discarded PC hard disk drives, backup tapes and other zombie media, comes alive again. And opportunists are quick to use this data to extract their pound of flesh.
Take the case of the insurer that thought it had wiped the hard drives on retired PCs clean before disposing of them. Someone who bought one of those PCs and discovered sensitive data on it is blackmailing the company, says Bob Houghton, president of Redemtech Inc., a Hilliard, Ohio-based recycler of PCs and other IT products. And since the breach involved customer data, the company must disclose it to its customers under a California privacy law.
The IT staff may have simply overlooked erasing that PC in the disposal process. But the true horror is that in many cases, even wiped data on those 1,000 PCs you just sent out the door can be resuscitated.
And third-party vendors that claim to wipe PC disks before disposing of them don't always do the job right, either. One IT executive at a large financial services company outsourced the task to four different vendors. Now she's in litigation with three of them, according to Gartner analyst Frances O'Brien.
Redemtech says that on average, 25% of the systems it audits still have data on them even though IT thought the systems had been wiped clean. IT managers don't realize that their own best practices, if they have them, aren't being followed. And even when they are, the erasure process may simply transport the data to the land of the undead.
Consider the options. An fdisk breaks the partition but leaves data on the drive that any disk utility can read. A quick format only overwrites the system area of the disk. A low-level format overwrites most data in sectors accessible by the operating system but leaves many areas untouched. Consumer-grade disk-wiping tools supposedly overwrite every sector, but data recovery specialists say they often retrieve data that these tools have left behind.
Then there's degaussing -- applying a strong magnetic field to the disk to erase it. This works well for backup tapes, but many degaussers