RISK NO BUSINESS CAN AFFORD
Data theft is becoming commonplace. The secondary market for IT hardware is a haven for information thieves who retrieve and exploit business and personal data from hard drives. Consider the following reported in a major technology publication:
"An Idaho Power Company found itself in an uncomfortable situation as it attempted to track down several unscrubbed disk drives that had been sold on eBay. The drives contained confidential employee information, correspondence with customers and memos that discussed proprietary company information. The company said it hired an outside contractor to recycle about 230 SCSI drives. The contractor had sold 84 of those drives to 12 different parties using the online auction website."
An annual study published by Scotland's University of Glamorgan on hard drive erasure reported:
"Each year, university researchers buy hard drives on eBay, at computer shows or from recycling operations and then study them to see what data can be found using off-the-shelf tools. This year, the study found sensitive data on 62 percent of 133 working drives purchased in the U.K." In one case, the data belonged to a major UK hospital group; and another from a huge UK Oil company."
A 2005 Information Week article wrote:
"Few corporate executives know that they can be fined or jailed for improper disposal of computers, according to a recent survey by Hewlett-Packard Financial Services . . . Recent legislation holds top executives and IT managers accountable for violating customer protection and privacy rules. The Health Insurance Portability and Accountability Act (HIPA) allows fines up to $250,000 and ten years in prison for each violation of patient health information privacy rules. The Gramm-Leach Bliley Act imposes penalties of up to $100,000 per violation for financial institutions that fail to protect customer information."
