In 2019, Stellar conducted the world’s largest known lab study of 311 used devices comprising -hard drives, memory cards, and mobile phones- to determine the plausibility of finding residual data on these devices. This systematic study reveals that a majority of second hand devices irrespective of their source – resellers, individuals, or businesses— contained significant amount of residual data including PII, personal data, banking information, income tax records, online login credentials, and other sensitive information. The study report presents empirical evidence on these findings and the high-impact risks of data breach while disposing off used devices.
out of the total 311 devices analyzed contained PII (Personally Identifiable Information), personal data, and sensitive business data
device studied was disposed off after simply deleting the files or formatting the storage media, without proper sanitization
These are just some examples of the data left behind.
were vulnerable to Personal Data / PII leakage risks.
Insecure disposal of storage hardware puts your business at risk of data breach. Think how? Disposing off your used devices without proper data erasure can compromise your intellectual property, financial reports, BI data, and trade secrets. These data breach scenarios can lead you to financial loss, brand damage, embarrassment, and lawsuit.
Disposing off your old device without proper data erasure can lead to theft of personal data & PII. This sensitive information can be misused for identity theft, fraudulent transactions, and exploiting credit histories. Buying an inadequately erased device might also end you up in possession of ‘illegal information’ that was owned by the previous device user.
Organizations need to adopt clearly defined policies, practices, and tools for secure media sanitization, while decommissioning their IT assets. Though media sanitization could be carried out internally or through a professional IT Asset disposition agency, it’s important to conduct regular data security and privacy audits to meet compliance with the prevalent regulatory standards.
“By employing NAID’s principles to conduct the study, STELLAR has assured the results are accurate and the personal information found in the process was fully protected at all times.”
“I hope this study finds its purpose to build awareness about the potential risk amongst all stakeholders including law enforcement agencies, regulators, consumers, data protection officers and professional information destruction providers. ”
FOUNDER AND CEO, STELLAR
NAID Study Principles