Keeping the information contained in the company’s IT equipment secure is an obvious priority. But as technology becomes outdated and is recycled, replaced or repurposed, keeping the data secure is still a vital part of the process.
“Confidential information has a lifecycle: it is created; it is stored; it is transferred; it is deleted or destroyed,” advises Mark Lobel, a partner in security, privacy and risk practice at PricewaterhouseCoopers. “Each part of that lifecycle should be important to companies.”
When erasing the data is possible, it comes with its own challenges. Solid-state drives have to be programmed correctly to successfully implement an erase command, cautions Steven Swanson, an associate professor of computer science at the University of California, San Diego, who studies solid-state memory technologies. Some drives don’t implement the command at all, and some have bugs and don’t implement it correctly. In the case of USB thumb drives, there is no reliable way at all to erase data short of physically destroying the drive, Swanson adds, unless you are using a high-end, secure drive that can wipe itself.
“There’s not an easy way for a user to check,” he says. “If there’s a bug or an error in the software that runs inside your drive, you may tell it to erase the drive, it may tell you that it did that successfully, and if you go back and look for that data, you won’t find any—but that data can actually still be there.”