One of the greatest concerns people have when disposing of their old computer equipment is the removal of the very personal data contained on them. The dangers of not properly erasing the hard drives can open up the possibility of unwelcome publicity and even prosecution either under the Software Copyright Act or Data Protection Act 1984.

But how can you ensure that the data has been deleted? The DOS and Windows command to delete files do not delete the data from your disk.

They merely delete their own record of the fact that the area of the disk they occupy is unavailable to other uses. To do this, it merely unlinks the file in its File Allocation Table (FAT) by changing the first character of its name
to a special byte.

Consequently, the undelete commands merely have to change the character back to restore the data, as is amply demonstrated retrieving deleted files from the Windows recycle bin. Contrary to popular belief, formatting a drive does not affect the disk data as the command merely formats a new file record for that logical drive. The only way to irretrievably destroy data, without physically destroying the whole disk, is by multiple overwriting of the data under an American military standard known as DOD 5220.22-M. This generates and records random characters across the whole of the drive surface and thereby obliterates all data and resets file sizes to zero. All working hard drives received by L.C.W.S. are erased using the above standard. Non working drives that cannot be powered up to receive multiple overwriting are destroyed physically before delivery to a scrap metal recycling plant.

What is the Data Protection Act? Following on from the original 1984 Act is the latest 1998 updated Act which came into force during 1999. This makes it a legal requirement to take appropriate security measures against unauthorised access to, alteration, disclosure or destruction of personal data and against accidental loss or destruction of personal data. Failure to comply can lead to enforcement action by the Data Protection Registrar as well as possible compensation claims from individuals through the courts.

Dumping on the cheap is risky. Lincolnshire County Council was embarrassed to find in 1998 that the computers it sent for scrap turned up on the second hand market. To make matters worse, the hard drives contained details on 50 child abuse cases. Under the Data Protection Act, failure to datawipe a computers hard drive of personal data can result in Crown Court prosecution and unlimited fines. In addition, companies in breach of this can be sued by the injured individuals.

© Copyright 2007-2009. LCWS.