Channel urged to capitalise on lack of data destruction

Joint study by BT, Sims Lifecycle Services and three universities reveals the amount of sensitive data being discarded is increasing

The channel is missing a lucrative revenue stream by not focusing enough on pushing data destruction solutions to customers, according to a report out today.

A study sponsored by BT and Sims Lifecycle Services, and carried out by the forensic computer science laboratories at the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US, revealed that 34 per cent of discarded hard drives examined for the research still contained confidential data.

John Godfrey, director of services at Sims, said: “On the outside, it might seem as if the volume of sensitive data being compromised has gone down because last year the figure was 50 per cent. But this is not the case because the volume of data and the size and diversity of devices being discarded has actually increased.

“Resellers are missing a trick because their customers are preoccupied with physical security and keeping hold of existing data, but when it comes to discarding data, firms are lacking guidance. By educating customers and assuring them that there are proper erasure and destruction processes that can prevent their data falling into the wrong hands, resellers can open up a new revenue stream.”

Godfrey said that in Nigeria, a well-known hotspot for data mining, the value of devices is based on whether or not they contain data, rather than the specification of each item.

According to the study, which is now in its fifth year, some of the items found to contain data included:

• A disk bought on eBay that revealed details of test launch procedures for the THAAD ground-to-air missile defence system. The disk also contained security policies, blueprints of facilities and personal information including social security numbers of employees at a well-known military manufacturer.
• Two disks found in the UK appeared to have originated from Lanarkshire NHS Trust containing confidential patient information including x-ray images, medical records and confidential staff letters. In Australia a disk was found from a nursing home that contained pictures of patients and their injuries.
• A disk from a US bank revealed account numbers and details of proposals for a $50bn (£33bn) currency exchange through Spain.
• A disk from France contained confidential material such as network data and security logs from the German Embassy in Paris.
• A number of disks containing data from a well-known UK-based fashion company, including information relating to trading performance, budgets, discount codes and customer names and addresses.

Godfrey added: “It is clear that a wide range of organisations and businesses all over the world are fundamentally failing in their duty to properly manage sensitive data when their IT equipment passes outside their control. Residual data can still be accessed years after the equipment has been discarded, and in the wrong hands could not only have financial consequences, but potentially implications for national security.

“These organisations are crying out for help here, and the one that can help most effectively is the channel,” he said.