A recent report published by the Information Commissioner's Office (“ICO”) serves as a stark warning to consumers and organisations to take better care of their data.
In December 2010, the ICO commissioned a computer forensics company, NCC Group, to obtain 200 hard drives for inspection. These were retrieved mainly from on-line auction sites and trade fairs. An analysis of the devices has produced worrying results for data protection. Half of the second-hand hard drives contained personal or corporate data in 34,000 files, 11% of it being personal data. At least six of the drives contained significant amounts of personal data relating to the main user of the drive or employees and clients of organisations. Documents found included scanned bank statements, passports, CV's and medical details. This was despite the fact that, in a number of instances, action had been taken to delete the data from the hard drives. Alarmingly, the forensic tools that were used to analyse the devices are freely available on the internet, providing potential fraudsters with all the tools they need at their fingertips.
The organisations involved have now put measures in place to ensure that data is securely disposed of, with one company signing an undertaking to introduce further improvements. However the ICO have identified the ongoing concern that organisations and individuals are not disposing of their data in a secure enough manner.
Companies and consumers need to be aware of the measures required to ensure that data does not fall into the wrong hands. There is a very real danger of people becoming exposed to on-line fraudsters simply because companies and individuals have not kept themselves informed of the technical knowledge required to adequately dispose of data; the simple pressing of a delete button will not be enough.
The ICO's guidance on deleting data from devices can be found here.