Data Protection extends beyond the life of the machine ..
A recent newspaper article highlighted the age-old problem facing many companies, as they scrap old equipment – sensitive information held on the equipment can be extracted and used for publicity. Most of the resultant publicity is not good, damaging personal and corporate reputations: all with financial consequences.
In short: yet another company was exposed as having misled the general public through carefully constructed or downright false media releases, when documents about (unsavoury or politically incorrect) internal behaviour were found on hard drives of computers purchased through local auctioneers. The recently disposed computers were picked up by a local internet cafe owner who stumbled upon the data. After apparently contacting the company - who denied all knowledge - the owner then appears to have contact media agents for a spectacular outcome. (The internal ramifications of such actions is unknown at the moment).
The majority of these sorts of problems are likely to be the result of rushed decisions or hurried execution. Almost all of this type of publicity can be avoided with a solid data-protection policy in place. The aim of the policy (like any policy) is to have a direction and some guidelines in place BEFORE the event, reducing adverse impacts. Note: we are not speaking about intentional theft in this article.
The policy need only be simple, but staff and your IT consultants must adhere to it strictly. The policy should outline what to do in the case of equipment being scrapped, upgraded or re-assigned out of the work place (an employee’s home or similar). It is handy to have a set of dot-points or a checklist enabling those involved to quickly assess the type of action to be taken.
Foremost on this list when dealing with workstations or servers is the topic of hard drives. Put simply, there are too many ways of retrieving so-called “deleted” information that the most assured way of “cleaning” your machines is the removal of the hard drive completely.
The removal of the hard drive brings up 2 points. Firstly the removal of a hard drive is sometimes complicated and is best done by an IT savvy person (staff member or consultant), which is an extra expense in decommissioning the machine. The hard drives can be physically destroyed by put a hammer through them – although information to hand indicates this renders them un-recoverable environmentally.
On the plus side is the licensing issue: you run no risk of having your software licenses used by others. In this increasingly legalistic world, protection of your data is not enough.. you need to protect your investments (licensing, assets, capitalisation) as well.
Of course at all times, consult your local IT expert – and if they can’t provide you with either enough options or enough clear explanation – try www.groupsupport.com.au on 08 9277 1768.