Data Privacy Risks with Used Media

Are you selling off, exchanging, donating, returning, or simply dumping your storage device.

Well, your data might be at risk…

Redundant print copies of documents are shredded to protect sensitive information from unauthorized access. But, the same level of discretion is not observed in the case of digitally stored information. Considering the widespread use of storage devices, it’s surprising to see the lack of users’ awareness (and indifference) towards using secure media disposal tools and practices.

The following points outline some of the typical ways users dispose of their used devices—

1. Consumers avail lucrative deals to sell off or exchange their used smartphones and laptops for new.
2. Enterprises sell off their end-of-life hardware to resellers without proper sanitization (internally or through an IT asset disposition agency).
3. Companies procure storage hardware on lease for a certain duration and return it afterwards without proper sanitization.
4. A consumer or company may dump their used storage hardware with e-scrap dealers, after simply deleting the data and/or formatting the storage media.

All these scenarios expose the residual data on used devices to unauthorized access and thereby pose risk of data breach and misuse.

Second hand devices – what are the risks of data breach?

Residual data on used devices poses immense risks for both consumers and businesses. This study report presents minute details of the risks posed by residual data in second hand devices.

To summarize—

For individuals, breach of residual data can lead to theft of sensitive information including personally identifiable information (PII) such as biometrics, medical reports, social security number, passport number, credit card details, and online banking credentials etc. This information can be misused for identity theft, fraudulent transactions, credit history manipulation, defamation, and misattribution.

Sensitive personal data such as geolocation, app & browser data, private pictures, contacts, text messages, emails, addresses, chat history, browsing history, and date of birth etc. can be exploited for threats, harassment, extortion, and other kinds of physical and emotional threats. Further, a new owner of an improperly sanitized second hand device may end up in possession of ‘illicit information’ which is owned by the previous device user, leading to various problems.

For businesses, residual data in outgoing devices may include intellectual property, financial reports, business intelligence, and trade arrangements and secrets, and strategic documents, etc. Breach of this information can lead to financial loss, brand damage, litigation, and also non-compliance with data protection laws such as GDPR with hefty fines.

The following case outlines a few implications of data breach on a business entity—

NCIX, a premiere Canadian PC hardware retailer, declared bankruptcy in December 2017. As a part of the process, operations were closed and assets were sold to pay investors and creditors. However, the assets were sold off without securely destroying the residual data. Later, in the following year, the data containing personal information of customers including their credit details were being sold on Craigslist for a few bucks. This includes every customer record NCIX created over the past 15 years in business.

Data Privacy – the onus is on you

As an organization or individual, it’s crucial to be aware that simply deleting files, formatting drive, or resetting smartphone does not sanitize the media. The deleted and formatted data can be easily recovered with the help of a basic data recovery software.

Further, lab data recovery techniques may even recover the data from physically crashed or failed hard drives, including media damage caused by natural disasters like storms, floods, or fire

So, before you sell off, donate, exchange, return, or simply throw away your used or legacy computer system, server, storage drive, or smartphone, it’s critically important that you securely wipe all the residual data from such devices.

Data Erasure – the ideal solution for data privacy

Data erasure software provides a fast, scalable, and effective solution for media sanitization, and thereby nullifies any chances of data leakage from second hand (or any) devices.

Data erasure technique is based on ‘overwriting’ the data inside a media with binary information, which permanently sanitizes the media beyond recovery. However, a great thing about data erasure software is that you can reuse the media, unlike techniques like degaussing which render the device useless and further cause e-waste generation.

A certified data erasure software such as BitRaser is the best solution for secure media sanitization, as it can permanently erase virtually any kind of storage media including hard disk drives, solid state drives, servers, and rack-mounted devices.

BitRaser supports 27 international data erasure algorithms including NIST Clear & ATA, and DoD 5220, etc. to make sure that the media is permanently erased as per the prevalent regulatory standards for data privacy. To this end, it generates certificate of erasure with tamper-proof audit trails that can help you meet compliance with standards such as SOX, GLB, HIPAA, ISO27001, EU-GDPR, and PCI-DSS.

BitRaser for Mobile is another specialized data erasure software that permanently erases data from iOS and Android smartphones to ensure that the media is completely sanitized with no threat of data breach of leakage.

Media Sanitization for Data Privacy. It’s your Call

Data privacy is essential from personal, commercial, & legal aspects. That’s clear. More importantly, it’s a fundamental human right. Today the need to protect data privacy is more than ever; we are in the middle of big data revolution, have multiple devices to manage, and consume ‘digital’ like nothing that came before. Grasping the various data threats today, the need is to adopt a fool-proof solution that can sanitize your outgoing media to perfection. Certified data erasure software is your best bet to ensure absolute data privacy by permanently erasing the media. It’s your call.