Right outside my office is our Treatment Facility. The bit
nearest to me is where hard disks are wiped using the software approved by
GCHQ. I often wander along the banks of PCs and laptops, all lit up brightly
with their screens telling me how far along the process they are. It can take
many hours to wipe a hard disk and we wipe three times, so they are there for a
while.
But what are we wiping? I mean, we do this because we are
protecting our clients from data breaches post asset disposal. Is there really
a risk there, I hear you ask? Well, I thought I would have a look.
Except I am not allowed. It is a secure facility after all, so no peeking, Hugh.
Even the lads don’t look at the contents of the files, because they are
confidential, but we do record the file names to check with our clients before
permanent deletion, just in case there is something there they need to keep (which happens a lot, by the way). So I had a
look at the file names found on some twenty random PCs and below is a
selection of nice simple file names.
Client Mailing List
Bank Statements
Employee Bank and Address Details
CRB Reports
System Passwords
Pupil Medical Records
Just the obvious ones, obviously. Who knows what juicy stuff
I would have found within some of the more cryptically named files? But my point is the bad stuff is there. It is
on all our hard drives, and if they fall into the wrong hands we are in BIG
trouble.
Protecting your data is not just for life (the life of your hardware)
but has to reach into the afterlife too. We all pay for baffling security
programs to stop malware, spyware, viruses and phishing whilst we work, so are
we really going to take a chance on everything when we throw away our old
laptop?
Yes, the risk of your hard drive falling into the wrong
hands is relatively small. No one is going to try and deny that, even if this
is the law. Tossing your old kit out willy-nilly is a bit like doing 80mph on
the motorway. You know you shouldn’t. You know you could get caught, but you
aren’t doing ninety so it’s not really a crime and there is not much risk of getting done if you slow down a tad for the cameras. Not really. Not much of one.
However, the penalty here is not three points on your
licence. It’s a hefty fine and public embarrassment, real corporate shame. It’s
a potential director’s ban and if you are a professional your peers may even strike
you off. Search “data breach” and you will see exactly what I mean.
Make sure your data is secure. You know it makes sense.