Disposing of IT Assets: How Not to Have Your Information Stolen on eBay

By: In: Data Privacy & Protection On: Aug 05, 2016
Disposing of IT Assets: How Not to Have Your Information Stolen on eBay

Some organisations dispose of their IT assets by recycling what they can and discarding the rest. For others, the process involves reselling parts that still hold some market value. And although today’s IT disposition industry claims to have a strong focus on compliance, governance and security, there are still several accounts of sensitive business or personal data falling into the wrong hands due to improperly disposing of IT assets.

As CIO reports, Kessler International conducted a 2009 survey in which it purchased 100 used hard disk drives on eBay. The study found that 40% of the purchased drives contained sensitive corporate data and personally identifiable information (PII). Unfortunately, the improper disposal of IT assets continues to be a problem today. As The Register reports, a 2016 study conducted by Blancco Technology Group (BTG) analysed 200 used hard disk drives that were purchased through the likes of Craigslist and eBay. BTG found that only 10% of the drives had undergone a secure data erasure process. Furthermore, 67% of the drives contained a wealth of PII. Unfortunately, this study shows how a breach can affect both consumer and organisational data. The information on the drives included assets such as company emails, CRM records, sales spreadsheets and product inventory data.

With all the potential data breach risks that come with IT asset disposal, you might want to reach out to an experienced service provider to perform a proper and secure media destruction service. However, it’s important to be wary of the provider you choose. As Computerworld reports, a U.S. power company found itself in hot water back in 2006 when 84 of its used hard drives were purchased by various parties on eBay. These drives contained detailed power grid diagrams, lawsuit data and employee social security numbers. This situation was a direct result of the fact that the utility company had contracted its asset disposal to an unreliable service provider that resold the drives without performing the necessary erasure procedures.

This public utility company’s experience can be seen as a cautionary tale: You must tread carefully when trusting other companies with your data. That being said, taking on the task of proper IT asset disposition (ITAD) is no small feat, especially when you have a lot of assets. Thankfully, there are some basic tips on how to dispose of IT assets properly. For example, you should always dispose of disk drive data in accordance with international standards and regulations, but you should also seek out expert help to ensure that that you’re disposing of IT assets in a compliant, secure manner.

For more information on why secure disposition is important and how to choose a supplier, download our media and IT asset disposition vendor guide and checklist.

← 4 Things to Remember When Securing Your Enterprise IT Urgent vs. Important: Balancing Your Disaster Recovery Budget →

Leave A Comment

About the author

John Woolley

Head of Technical Sales at Iron Mountain John is a sales and marketing leader with over 20 years of experience within the IT industry. For the last 10 years, John has been an evangelist for data centre virtualization and data management, working to bring innovative solutions to solve real data issues. As Head of Technical Sales for Iron Mountain, John defines and drives Iron Mountain’s Cloud Data Management solutions. He also recommends and defines the strategy for Data Management products and services based on customer interactions. Prior to Iron Mountain, John held several roles as a Sales Manager and, most recently, as a Data Protection Specialist.