In the world of increasingly digital in which we live, erasing obsolete data stored on media such as hard drives and SSD memory has become a strategic issue in economic and political terms. This has become increasingly important after the incidents such as the NHS Surrey’s data loss and wider issues such as the recent revelation of the NSA’s activities on European soil. More than a good resolution, erasing private data securely is a necessary in 2014 for both businesses and governments.
Before discussing recommendations, awareness should begin; imagine when you recycle an old storage media device for new use that is likely to be for an unknown user: the resale of a PC or mobile phone is a good example. One can easily imagine the scenario of a multinational holding company that may resell or just give PCs to their executives for personal use. What information did the PC previously hold? Account numbers, transactions, photos, personnel records, trade secrets etc. If the IT staff member was even a little bit lazy or careless in their turnaround of the device, an off-the-shelf data recovery software package could very easily discover some of these files, and for those with more ruthless intent dedicated data recovery service techniques can be applied.
European community response
Several European countries have developed general data safety regulations that apply mainly to public administration and companies handling vast swathes of information, including private data on individuals. The reputation of companies and their executives responsible for the management of information systems are at stake if something goes wrong.
Referring to the relevant EU Directive 95/46/EC of 24 October 1995, paragraph b of Article 2 of Chapter 1, already defines the time that the ‘processing of personal data shall mean any operation or set of operations which is performed upon personal data … or otherwise making available, alignment or combination, blocking, erasure or destruction.’ At the EU conference on 25 January 2012 the EU Vice-President responsible for Justice, Fundamental Rights and Citizenship, Viviane Reding, has strengthened the commitment of the EU to protect the data of its nationals. The conference of 22 October 2013, following the case of the NSA, has endorsed this commitment by a real mobilisation. She declared four pillars in dealing with personal data:
- One continent one law… – with effective sanctions
- Non-European companies will have to stick to European data protection law if they operate on the European market
- The Right to be Forgotten
- A “One-stop-shop” for businesses and citizens
If companies fail to adhere to these the sanctions proposed can be harsh – up to five per cent of worldwide company turnover.