Is complete destruction of data the best solution against identity fraud?
At the halfway point in National Identity Fraud Protection Week, claims have been made that destroying data completely should be considered.
Speaking to SC Magazine, Ross Waterton, founder of the Bustadrive technology that destroys hard drives, claimed that the concept of completely deleting data should be considered by businesses.
He said: “Think how much information is stored on your hard drive: bank details; PayPal details; eBay transactions; even Facebook contacts. I am not sure how aware consumers are of this issue. In an ideal world I would like to see the Bustadrive in each local tip where residents can dispose of their hard drives themselves and have piece of mind that their personal information has been destroyed appropriately. We need to educate people to view this the same way that they shred their bank statements.
“Companies have an increased liability and responsibility to their clients. No one wants to have to contact their customer base and inform them of a data leak with potential fraud issues. Total destruction on the premises is the only sure guarantee that you are compliant with Information Commissioner regulations in terms of data decommissioning.”
In terms of digitally encrypting or deleting a hard drive, Waterton said that this is fine if the drives are to be reused in-house, but if the drives are no longer required then complete destruction is the solution.
He said: “Complete destruction in front of your eyes is the only guarantee you have that you have disposed of your hard drive responsibly. Even if sending via a third party for destruction you still need piece of mind that your ‘back is covered'.
“There is a perception that companies can offload the liability to their third party destruction supplier. Even if this is the case, the press do not care where the liability lies they will always go for the headline, which unfortunately does not usually mention these suppliers. In an ideal world hard drives would be destroyed on-site and then sent for data destruction to be reduced to sand.”
Waterton also said that two new offerings have been added by Bustadrive including a standalone machine and a mobile kit that comprises a standalone machine fitted into a dedicated Peli case.
Recently Deepak Mohan, SVP information management group at Symantec, encouraged IT managers to be more prepared to delete archived files rather than keep backing them up over and over. Asked for his thoughts on whether complete destruction would be as effective as digitally deleting, he said: “Physical destruction of hard drives and tapes is a very extreme measure, but surely will achieve the results.
“There are processes and devices available today that can guarantee data deletion on tapes and hard drives. For example, a low level format of a hard drive gets rid of all information and this allows for re-use of media.
“The information you want to delete may be mixed with good information on a disk array, it could be inside your exchange server or email archive or it could be inside your database or SharePoint. You cannot delete this information by destroying the hard drive as the good information goes out with it.
“Hence the need for automated tools and policy. Expire the tapes and re-use them. Let the information management products act on predefined policy and delete information on a regular basis without any manual intervention.”