[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 17 February, 2005, 05:40 GMT
Computers: your data in whose hands?

Computer hard drive controller
Organisations must erase data on redundant computers
As our increasing dependency on computers grows, so does the information held about us by countless companies and organisations.

The law protects us from the misuse of personal data by organisations.

But what happens when companies get rid of their old computers?

Today, Breakfast reveals in a special report that some well known multi-national companies, a school and universities are failing to erase sensitive personal data, even though this is a legal requirement.

  • Breakfast's Sophie Hutchinson has been investigating.

  • Computing Magazine's Bryan Glick came in to the studio, to give us some more advice.

    "It's not commonly known that even if you delete a file, the information is still physically on the disk until it's over-written," he explained."You can over-write it yourself, or get it done professionally."

    Specialist software can be used to delete files, but it's not cheap.

    If you choose to donate your old computer to a charity, such as Computer Aid International, your files will be properly wiped before your computer is passed on.

    Otherwise, he added, the only certain way to prevent your files getting into the wrong hands is to take a hammer to the hard drive.


    Personal records of school children, passwords and user names of company executives are some examples of the information found on second-hand computers.

    An investigation of 100 computers by the Information and Security Research Group at the University of Glamorgan found several examples of sensitive information which had not been correctly erased.

    Researchers bought machines from an online auction service - they discovered many had information stored on their hard drives which would be a clear breach of the Data Protection Act.

    The Information Commissioner, who enforces the act says it will be tough on organisations with lax security procedures.

    "Companies have duty to store personal information securely and delete it when it is no longer required" says Assistant Commissioner Phil Jones.

    Many second hand computers find their way to Nigeria and Russia where 'technology' crime gangs operate.

    It is of course possible that personal information could be added to a company's computers by a third party, this only becomes apparent when the company disposes of its machines.

    Measures to protect a computer can be as simple as having a hard disk password.

    One company operating in 14 countries had enough data on the drives of its redundant machines to seriously compromise the company's security.

    The investigation by the ISRG also found that in seven cases, there was enough information to hack into companies systems.

    Detailed information found included: school reports, personal letters, staff records, internal e-mails and detailed financial records - less than a year old


    Had the personal information fallen into the wrong hands, it could have led to individuals being blackmailed.

    And investigators found that more than 50% of disks it checked contained personal information.

    So called 'Freeware' is available on the web to make sure data is permanently removed - see the next section.

    Quick guide to erasing data

  • The Communications-Electronics Security Group (CESG), part of GCHQ has information on its website about secure data removal and certifies them

  • See also link to the right of page for detailed information on approved suppliers

  • Donate your old PC to charity. Computer Aid International refurbishes used computers and provides them to schools, colleges and community projects in developing countries. All machines are professionally wiped clean using the latest tools.

  • Secure data erasure requires overwriting every part of the disk to destroy any pre-existing data. Deleting files or reformatting disks is inadequate as they are reversible processes.

  • Look for specialist software for data removal that can be set to overwrite a disk any number of times, depending on the sensitivity of the data. The more times it is overwritten the more secure, and time-consuming the process.

    Computers: is your data safe?
    Watch Breakfast's report from Sophie Hutchinson

    What can you do to protect data?
    We spoke to Bryan Glick of Computing Magazine

    BBC Breakfast


    Your Comments
    10 Dec 04 |  Breakfast


    The BBC is not responsible for the content of external internet sites


    News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
    UK | Business | Entertainment | Science/Nature | Technology | Health
    Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
    Americas Africa Europe Middle East South Asia Asia Pacific