I feel like I read a story like this one every year. Someone buys or finds an old hard drive and tries to recover the data. They then manage to expose the fact that people still do not properly erase information on disks before discarding them to the wild:
The research – which was based on 317 computer hard drives obtained from the UK, North America, Germany and Australia – showed just how many people believe in the data fairy: though 41% of the disks were unreadable, 20% contained sufficient information to identify individuals, 5% of the disks held commercial information on organisations ranging in the UK from Man Trucks to Easington Council, and included records of a Children’s Day Care centre.
There was also illegal information with 5% of the disks holding “illicit data” and 1% of the disks bearing paedophile information. As a result, a criminal investigation has been launched in South Wales and another one in Australia.
[…]
Just how compromising and thorough the information stored on computers can be was demonstrated by data obtained from disks belonging to Port Weller Dry Dock, a Canadian ship building company.
On the drives was information that showed the company had details on a bid for the US Navy’s top secret DD21 destroyer programme, part of a US defence programme intended to equip the US navy for the 21st century.
This problem can either get better or worse with the new era of online archive and storage solutions. In other words, people can transfer the issue of handling stored data to a service-based system but can they trust that such a service will do any better job than the companies in this study?
Jon Godfrey, from Life Cycle Services, has a nice quote in the story:
“People get worried about losing data on computers but they don’t realise that erasure is as important as retention. The survey shows that the commercial sector is still chronically ignorant of the destruction and retention of data, and our experience is that the problem is actually worse than the study suggests.”
Actually, studies also show that people do not get worried about losing data. So it is perhaps more accurate to say that people simply do not always understand the risks and/or are unequipped and untrained to handle them.