“According to a recent global survey on data wiping practices, Kroll Ontrack, the leading provider of information management, data recovery, and legal technology products and services, found less than half of businesses regularly deploy a method of erasing sensitive data from old computers and hard drives. Of the 49 percent of businesses that are systematically deploying a data eraser method, 75 percent do not delete data securely, leaving most organizations highly susceptible to data breaches, which plague businesses at least once a year according to the 2010 Kroll Ontrack Annual ESI Trends Survey and cost an organization an average of $6.75 million per breach according to the 2009 Ponemon Cost of Data Breach Study.”
“Three-fourths of businesses are deleting files, reformatting or destroying drives, or ‘do not know’ how they are erasing sensitive data. Deleting files from a hard drive only marks the files to be rewritten, which may never occur. Furthermore, reformatting the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years.
“Surveying more than 1,500 participants from 12 countries across North America, Europe and Asia Pacific regarding their data wiping practices also revealed that four in 10 businesses gave away their used hard drive to another individual and 22 percent do not know what happened to their old computer.
Only 19 percent of businesses deploy data eraser software and fewer, 6 percent, use a degausser to erase media. When asked if and how businesses verify their data has been deleted, very few (16 percent) reported relying on a product or service report to confirm all of their data had been wiped.
“Reports that verify or confirm what the tool and/or service did are critical,” concluded Reinert. “Not only do they inform you of what has been wiped, but they should identify the serial number as well as the make and model information of the wiped hard drive, the date and time of when the information was wiped, and a listing of how much information was wiped.”