Skip to main content

ICO: 1 In 10 Used Hard Disks Contains Personal Data

The Information Commissioner's Office (ICO) is warning consumers on data protection, with its latest investigation which focused on second-hand hard drives.

The report issued by the ICO claims that 10 per cent of used hard disks sold online "may contain residual personal data" from the previous owner. An ICO survey also found that two-thirds of UK citizens pass their old phones, computers and laptops on to another user, with 44 per cent giving them away free, and 21 per cent selling them on.

NCC Group, a computer forensics firm, did the digging for the research, scrutinising 200 second-hand hard drives, 20 memory sticks and 10 mobiles (most purchased from online auction sites).

Devices were first searched manually, with no special software, and following that using forensic tools (although ones freely available on the Internet).

NCC Group found that 52 per cent of hard drives had been properly wiped, but the rest contained readable data - and 11 per cent contained accessible personal data. The personal data found on the USB sticks and mobiles was apparently negligible.

In total, some 34,000 files containing personal or corporate data were recovered from the devices, and two of the hard disks contained enough information to enable a full-on identity theft. Documents found included scanned bank statements, passports and medical details.

Information Commissioner, Christopher Graham, commented: "We live in a world where personal and company information is a highly valuable commodity. It is important that people do everything they can to stop their details from falling into the wrong hands. Today's findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices.

"Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered.

"The ICO has published guidance to help individuals securely delete information stored on their old devices. We hope this publication will help people to take better control of their personal data."

Specialised secure deletion software can be used to wipe your hard drive properly, often incorporated into utility suites of one kind or another. Either that, or a large hammer, which admittedly isn't such a great idea if you then want to eBay the hard drive.

Here's the ICO's official advice on the matter (opens in new tab).

Darren Allan

Darran has over 25 years of experience in digital and magazine publishing as a writer and editor. He's also an author, having co-written a novel published by Little, Brown (Hachette UK). He currently writes news, features and buying guides for TechRadar, and occasionally other Future websites such as T3 or Creative Bloq and he's a copy editor for TechRadar Pro. Darrran has written for a large number of tech and gaming websites/magazines in the past, including Web User and ComputerActive. He has also worked at IDG Media, having been the Editor of PC Games Solutions and the Deputy Editor of PC Home.