Data wipeout trickier than some think
Phil Bridge thinks the channel could do more to help customers avoid data breach scandals
Wiping data from communication devices is a lot trickier than people think. As we know, pressing the delete key only makes it look to the casual observer as though something has been permanently removed.
The same can be true of destroying hard drives; if data can be recovered from the disks found in the debris of the Columbia space shuttle, which exploded on re-entry in 2003, it is probable that even bits of a PC hard drive will still host recoverable data.
The channel has learned the hard way about deleting data, by witnessing some of its biggest customers receive large fines. Such events can also ruin reputations and damage customer confidence.
The Information Commissioner's Office (ICO) has published the number of data breaches that were reported to it this year. Half were allegedly due to carelessness on the part of the business, which might have outsourced the work either to the channel or to a data destruction company that was not up to the job.
The biggest offender was the public sector, which outsources many IT services to the channel. This year, the cost of its failure to properly erase data before recycling or disposing of various devices was estimated at £4m.
NHS Surrey leaked the records of 3,000 patients when the data destruction company in charge of deleting the data failed to do the job correctly. One consequence of this particular incident was a £200,000 fine – and many members of the public were doubtless angry that these funds were not available to help patients.
Who is really to blame for these data breaches? The hospital or the channel, including the white-label IT company in charge of permanent data erasure?
In this case I say it would be the channel – which probably offered great overall services support but chose the wrong supplier.
Finding the right supplier might take more than a quick Google search. Customer testimonials and case studies can be important (although these invariably paint a picture massaged as much as possible by their marketing and PR teams – Ed).
Does the supplier use a clean room and have trained engineers? This is also crucial.
There are various software and hardware data erasure offerings out there, so find a supplier that can provide advice on the most suitable one for a given situation.
Does the data destruction company have all the tools it needs to do the job in-house without waiting for parts? This means fast work-completion times.
A skilled data recovery company will have its engineers on hand to discuss options and help decide on the best course of action.
Providing a valuable data recovery service is about more than "no fix, no fee" offers or cheap upfront quotes. Some operators can cost more in the long run, and may inadvertently render data permanently inaccessible.
Phil Bridge is managing director of Kroll Ontrack