[This post is the tenth in a series. The original post can be found here.]
Many of the technology devices used today are essentially disposable. When they get old or break down, they are simply discarded as it is too expensive to upgrade or repair them. As a result, law offices will frequently find themselves discarding older computers and other devices. This is problematic as these devices often have confidential client information on them.
There are risks in donating your old computers to charity or a local school where a classroom of technology-savvy students will be itching to recover your data. Be sure to remove the hard drive from any computer you donate, or make sure the data on the drive has been thoroughly removed.
Third party access to confidential client or firm information can also be an issue if you are sending your electronic equipment outside the office for repair or maintenance. Client information can be in unexpected places. Most modern photocopiers and printers actually have hard drives on board that store copies of the images that go through them. This data can easily be found on, or recovered from, the hard drives on these devices.
Deleted doesn’t mean deleted
It’s a common misconception that deleted files are gone for good. In fact, the deleted files on most devices (e.g., computers, tablets, smartphones, etc.) are easy to recover using widely available forensic recovery tools. Even reformatting or repartitioning a hard drive will not completely destroy all the data on it.
Keep in mind that forensic technology can also be used to restore deleted files on portable media (e.g., CDs, DVDs, USB sticks, SD cards), so you should always use new media when sending data outside your firm.
Physically destroying a hard drive or other device with a hammer is the free and low-tech option. You can also use specialized software that will “scrub” all data from a hard drive so that it is not recoverable. Widely used free tools for this task include CCleaner, Darik’s Boot And Nuke (DBAN), and File Shredder.
Dan Pinnington is the Vice President of Claims Prevention at practicePRO. This article first appeared in the December 2013 issue of LawPro magazine. Reprinted with permission. For more cyber safety tips, visit www.lawpro.ca.
[For more information regarding the removal of data from discarded equipment, read the risk management practice guide, “Office Equipment Disposal Policy.”]