The supreme court of India recently ruled that privacy is a fundamental right.
What does that means in the present context of digital India and when technology has transformed our lives so dramatically in the last two decades?
Technology adoption in India has moved at break neck speeds and while people have been using PCs and laptops for a while now to create and store data; smartphones have invaded our private lives like no other device in history. Information such as our location, travel destination, travel duration, contacts, photographs, messages is vulnerable. A recent study has predicted that, by 2020 there will be 450 million smartphone users* in India alone and that, there will be a 50 fold increase in the volume of data generated**.
Organisations have sensitive data such as patents, financial information, confidential business information, employee records, tax documents, legal compliance documentation and more that they generate through their workforce every passing hour. All this information is often accessed through mobile devices too. Data lifecycle management becomes absolutely necessary as information that is created for usage is stored in various storage devices and it is prone to high risks of compromise during creation, storage or transportation. Threats include sophisticated virus, malware or ransomware attacks, infrastructure sabotage etc. For consumers data includes personal photographs, contacts, messages, videos etc. While organisations today have deployed strong technology to safeguard their critical business information from such threats, data destruction is often ignored, in the data lifecycle management, both by organisations and consumers.
Data destruction is the process of permanently erasing data from data storage devices like hard drives, memory cards, smartphones and other mobile devices. This can be achieved in two ways:
1. Physically destroying the storage device: Here hard drives or mobile devices are physically destroyed, via shredding or degaussing. This process generates a high volume of electronic waste, which ends up in landfills. Waste includes hazardous heavy metals such as lead, arsenic, mercury, which can seep into the water table through the landfills and reach our homes. According to Assocham, India's ‘production' of e-waste is likely to increase by nearly three times, from the existing 1.8 million metric tonnes to 5.22 million metric tonnes per annum by 2020 at a compound annual growth rate (CAGR) of about 30 percent.***
2. Erasing devices permanently beyond the scope of data recovery through professional software. This has tremendous environmental benefits as hard drives and smartphones can be safely reused without data breach or confidentiality compromise fears. Through professional software, detailed reports of erasure can be generated which certify permanent and secure data erasure thereby securing your data privacy. These reports can be produced as evidence during audits.
In India, there is a general trend of formatting old devices or deleting old information and selling it to third parties, with a belief that after formatting and deleting information, data is permanently removed. Many organisations practice it while discarding old IT assets, returning leased IT assets or reallocating IT assets. Consumers practice it while upgrading their smartphones, laptops and desktops. The old devices are simply formatted / factory restored and are considered ready for resale. This is an unsafe data removal practice and is a grave threat to privacy and information security.
There are various FREE data recovery software available, which can recover all data stored on hard drives and mobile devices even after formatting, deleting, factory restoring them. As a result, damage worth millions of dollars can be caused due to loss of revenue, loss of reputation and loss of business.
Internationally there are compliance guidelines including SOX, GDPR etc which, safeguard and protect the rights of citizens by mandating data erasure before reuse, reallocation and disposal for preventing confidentiality compromise and breach of privacy. In India there is currently no such governance in place under which the fundamental right to privacy could be safeguarded. While the Indian government is taking strong steps towards bringing in a comprehensive policy, it is yet to see the light of day.
Until then, a simple and easy way to prevent your data from falling into wrong hands is to use data erasure software that permanently erases data beyond the scope of data recovery. So the next time you are upgrading to a new smartphone or laptop, make sure you not only factory reset it, but erase it through a professional software and securely maintain your privacy.
Contributed by Sunil Chandna, CEO, Stellar Data Recovery
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.