Over the last few years, computer forensics expert Paul Henry has been buying up old hard drives and cellphones, and cracking them open to see what’s inside. What he finds is information that most people — especially business owners — wouldn’t want in the hands of strangers.
“Nine out of 10 times, I find personal information,” says Henry, who is an analyst at Lumension Security of Scottsdale, Ariz. He also has found corporate billing data, proposals, invoices, emails and more.
Every day, companies discard, sell or donate old computers, mobile devices and other electronics in favor of new and better models. But many fail to properly wipe the data from their cast-offs, even though they may contain valuable company secrets and sensitive employee and customer information. In the wrong hands, this type of information could lead to identity fraud or legal disputes over compromised business contracts or violations of privacy laws. Many state laws and the federal Fair Credit Reporting Act’s “Disposal Rule” require businesses to take reasonable measures to destroy sensitive consumer information, including on computer equipment, when disposing of it.
Moreover, if disposed of improperly, some metals inside electronic devices can be harmful to the environment. Many states in the U.S. have environmental laws that bar people from throwing electronics in the trash because they contain toxic materials such as mercury, lead, cadmium and arsenic.
To help people dispose of devices properly, many municipalities and private groups organize recycling and donation events, and many electronics manufacturers and big box stores offer programs to take back their products.
Check with those companies and your local government or sanitation department to weigh your options. For example, New York City details many disposal options for residents and businesses online. You also can find recycling programs in your region or state in the U.S. through the Environmental Protection Agency. To check whether a recycler is certified for practices that protect the environment, consult e-Stewards, a Seattle-based non-profit dedicated to reducing “e-waste.”
But remember, before you dispose of computers, smartphones, tablets, printers, copiers or anything else with a chip or memory, completely wipe the data from them. You can hire a firm specializing in electronics disposal to do this, but watch closely. If the firm doesn’t do a thorough job, you could still be responsible for a mishap. For peace of mind, you may want to do it yourself. Here’s how:
Computers: Simply deleting your files and reformatting your computer hard drive is not enough. Someone with a free program downloaded off the Internet could still easily retrieve your information. “If a hard drive has not been wiped, it’s child’s play to recover the deleted files,” Henry says.
Use a utility program to overwrite data. Often, you can choose how many times you want to overwrite it. More overwrite passes mean greater security, but it takes more time, of course.