Tuesday, February 17, 2009

Destroy That Drive

A fellow recently demonstrated his ability to recover data from a hard drive whose data had been overwritten a seven times using a data shredder program set to a supposed DOD data destruction standard.

If you have ever had any experience with identity theft, you understand why the hackles on the back of my neck stood up when I read the story.  I’m a genealogist.  I have a lot of data on my hard drives that contains private information about living individuals. 

From time to time I buy a new computer or hard drives and migrate my data to them.  I’ve always wiped my old drives with partition removers and then a five or six overwrites with data shredder programs thinking I was ‘protecting’ my data from dumpster divers.  In most cases, I probably did, but now, I’m not so sure.

I have a friend who manages computers worldwide that contain extremely sensitive data.  He leaves nothing to chance when retiring an old hard drive.  He takes out into the parking lot and breaks the disk platters into many pieces and throws the pieces in multiple dumpsters scattered around the city.

Is this an extreme action?  Maybe a little, but having had experience with identity theft, I find that I’m inclined to agree with his policy.  I don’t use a ten pound double-jack hammer on my old drives, but do use a 3/8” drill bit to create twenty or so holes in the drive platters before tossing them.  Additional scratches and gouges on the platters are encouraged during this process.

How are you disposing of your old computers and hard drives?   Are you carefully doing your best to remove the data using a method other than just dragging your data files to the trash and then deleting them?  Are you crushing your old floppies that had data on them? 

How about your thumb drives?  Do you keep the data on them encrypted?  The odds are that you will loose one or more of them this year or next.  It happens, especially if you are visiting libraries or other venues doing research.  We download data to the drives and in the excitement of the quest walk off at the end of a day and leave the thumb drive plugged in to the computer we were using, or on the floor after falling out of our bag, pocket, or case.  Frequently, we have all or part of our genealogy data on these drives and an unscrupulous finder may have a treasure trove of information to mine for nefarious purposes.

Think about the ramifications of someone getting the data about you and other living folks in your database and I’m sure you’ll be encouraged to make a substantive plan to remove or destroy it on your old machines.

Is the physical destruction too much work or you don’t have a drill?  Talk to the law enforcement officers in your area.  They may need some targets for their shooting range.  A hard drive painted orange may be a perfect target for some of their exercises.  Just remember to ask to observe the destruction.

If that isn’t the answer and you don’t want to destroy them yourself, consider a shop like Compax that will do the work for you.

Whatever method you use, be sure to do it.  Don’t set yourself up for a potentially disastrous problem.

Technorati Tags: ,


Anonymous said...

I recently came accross your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.