Disposing of IT assets: How not to have your information stolen on eBay

Some organisations dispose of their IT assets by recycling what they can and discarding the rest. For others, the process involves reselling parts that still hold some market value.

And although today’s IT disposition industry claims to have a strong focus on compliance, governance and security, there are still several accounts of sensitive business or personal data falling into the wrong hands due to improperly disposing of IT assets.

As CIO reports, Kessler International conducted a 2009 survey in which it purchased 100 used hard disk drives on eBay. The study found that 40 per cent of the purchased drives contained sensitive corporate data and personally identifiable information (PII).

Unfortunately, the improper disposal of IT assets continues to be a problem today. A recent study conducted by Blancco Technology Group (BTG) analysed 200 used hard disk drives that were purchased through the likes of Craigslist and eBay. BTG found that only 10 per cent of the drives had undergone a secure data erasure process. Furthermore, 67 per cent of the drives contained a wealth of PII. Unfortunately, this study shows how a breach can affect both consumer and organisational data. The information on the drives included assets such as company emails, CRM records, sales spreadsheets and product inventory data. 

With all the potential data breach risks that come with IT asset disposal, you might want to reach out to an experienced service provider to perform a proper and secure media destruction service. However, it’s important to be wary of the provider you choose. U.S. power company, Idaho Power co. found itself in hot water back in 2006 when 84 of its used hard drives were purchased by various parties on eBay. These drives contained detailed power grid diagrams, lawsuit data and employee social security numbers.

This situation was a direct result of the fact that the utility company had contracted its asset disposal to an unreliable service provider that resold the drives without performing the necessary erasure procedures. This public utility company’s experience can be seen as a cautionary tale: You must tread carefully when trusting other companies with your data.

That being said, taking on the task of proper IT asset disposition (ITAD) is no small feat, especially when you have a lot of assets. Thankfully, there are some basic tips on how to dispose of IT assets properly.

For example, you should always dispose of disk drive data in accordance with international standards and regulations, but you should also seek out expert help to ensure that that you’re disposing of IT assets in a compliant, secure manner.

 John Woolley, head of technical sales, Iron Mountain

Image source: Shutterstock/Huguette Roe