Why are we not getting better at Data Disposal?

Prof. Andy Jones^1,2
1Head of Information Security Research,
Centre for Information & Security Systems Research, BT
²Adjunct Professor, Edith Cowan University
 

ABSTRACT

This paper describes two sets of research, the first of which has been carried out over a period of four years into the levels and types of information that can be found on computer hard disks that are offered for sale on the second hand market. The second research project examined a number of second-hand hand held devices including PDAs, mobile (cell) phones and RIM Blackberry devices. The primary purpose of this research was to gain an understanding of the reasons for the failure to effectively remove potentially sensitive information from the disks and handheld devices. Other objectives included determining whether there were regional variations in the results and whether there had been any changes in the results detected over time. From the research it was possible to develop advice on the measures that could be adopted to reduce the level of data being inadvertently released into the public domain.

Keywords: Disk Study, mobile device, security data destruction, disk erasure