Most Businesses Failing To Erase Sensitive Data

Most businesses are  failing to ensure that sensitive data is being properly removed from their systems.

When eWEEK comes out with its end-of-the-year data center/storage trends story next month, one of those trends will be something called “data retirement.”

Not data deletion or data reduction, data erasure, data destroying or anything similar. Data and files can somehow reappear from all of those practices, but data retirement really does excise the unwanted/unneeded stuff forever from storage.

Data Retirement

In any case, a new Kroll Ontrack global survey released 17 November on data wiping practices found less than half of businesses regularly deploy a method of erasing sensitive data from old computers and hard drives.

Of the 49 percent of businesses that systematically deploy some sort of regulated data erasure, 75 percent do not delete data securely, Kroll said. This leaves most organisations highly susceptible to data breaches, which hit businesses at least once a year, according to another Kroll study – the 2010 Kroll Ontrack Annual ESI Trends Survey.

Several researchers have reported in recent years that breaches of this kind can cost enterprises millions of dollars in system repairs, litigation and lost IP.

Disposal Question Marks

The survey questioned more than 1,500 participants from 12 countries across North America, Europe and Asia Pacific regarding their data wiping practices, Kroll said. The report also revealed that 40 percent of businesses give away their used hard drives to other people; 22 percent admit that they do not know what happens to their old computers.

In total, more than 60 percent of all old business computers are fully intact with proprietary business data in the second-hand market.

“Three-fourths of businesses are deleting files, reformatting or destroying drives, or do not know how they are erasing sensitive data,” said Jim Reinert, vice president of product development at Kroll Ontrack.

“Deleting files from a hard drive only marks the files to be rewritten, which may never occur. Furthermore, reformatting the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years.”

Kroll Ontrack is a Minnesota-based provider of information management, data recovery and legal technology products and services.