Leaving sensitive information in laptops or computers before donating them is an open invitation to trouble. Read this blog to learn why securely wiping a computer before donating is critical to prevent data leakage from the IT assets at the end-of-life.
Donating devices is a perfectly noble way of handling old IT assets no longer in use. Many organizations donate old laptop, mobile phone, tablet, flash drives, or other gadgets as a part of their CSR activity. Generally, obsolete devices are beyond the purview of data security protocols. However, they contain adequate business data like personal information of customers, employee and investors’ record, and other financial details. Simply resetting computers or laptops to factory settings is hazardous as a free DIY data recovery software can recover data even after formatting. Failure in complete erasure of such sensitive data before and after the devices change hands can have severe repercussions beyond imagination. As a result, data leakage threats are high and organizations may suffer huge penalties along with multiple lawsuits besides loss of brand reputation and customers.
Intermountain Healthcare suffered a data breach after donating an old laptop that contained names, job titles, social security numbers, and telephone records of about 6,244 employees. The laptop was discarded using a third-party software to scrub data stored in it. The device was donated to a secondhand store and further sold at $20 to an independent user. The end-user found thousands of employees’ personal information in it and informed the authorities. Once the incident came to light, Intermountain Healthcare revised their data destruction policy and opted for a more secure procedure. Fortunately no legal penalties was imposed as no information was leaked by the end user. Unfortunately, not all donors get responsible end-users who will not misuse the information found in the donated devices. So, it is critical to wipe computer before donating to avert the possibility of nefarious security attacks.
Wiping devices before donating is paramount as recovering data from the storage devices is an easy task for digital forensic experts. When it comes to observing best data protection policies, there is nothing more tangible than defining data erasure protocols as a part of your company’s data destruction policy. Organizations dealing with bulk volume of data must follow these security protocols before donating their old IT Assets:
We have been educating through our series of articles on why data deletion or formatting are not the right practice of eliminating the unwanted information. By now we know that ‘Delete’ or ‘format’ command only hides the information and the data remains in the storage media, vulnerable enough to forensic recovery or illegal extraction.
To completely wipe the stored information on a hard drive, opt for secure data erasure using a professional software like BitRaser that guarantees permanent data wiping beyond recovery. Read our KB on How To Completely Wipe a Computer to learn the step by step instruction on wiping clean your PC.
BitRaser logically overwrites data stored in the storage media without hampering the devices. The software is designed to erase all kinds of hard drives, SSDs, NVMe, M.2 or storage media used in printers, laptops or desktops, servers, etc. It permanently removes the data using international erasing standards including NIST 800-88 and DoD 3 & 7 Pass. Furthermore, the software offers a tamper-proof certificate and erasure report that act as audit trails for regulatory compliance.
Digitization has transformed the way organizations function. Emails, business documents, photos, and bank transactions take a lot of space in computers. It is crucial not to leave anything behind that might give access to intruders to misuse the sensitive information. Even if some of the documents are no longer in use for the enterprise, always follow the data erasure practice to wipe hard drives before donating or while disposing of devices. Donating your old devices may be a noble cause but you must remain vigil and follow the security protocols before you hand over your devices to prevent any episode of data breach.