The 2008 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market
The use of computers that contain hard disks to process and store information has been ubiquitous across organisations in both the public and private sector for more than two decades and is being ever more widely used by individuals in the home. During that time, the processing capability of the computers has increased enormously. At the same time the storage capacity of the computers has increased from tens of Megabytes to hundreds of Gigabytes and the use of Terabyte
storage devices in both commercial and private locations is now becoming increasingly common. In recent years, because of social change and alterations in the way in which organisations work, there has also been an increasing trend in the use of the same computer to process and store both the organisation’s and the individuals personal information. It is clear that the majority of organisations and private individuals still remain ignorant or misinformed of the potential volume and type of
information that is stored on the hard disks contained within these computer systems. As a result, they have not considered, or are unaware of, the potential impact of this information becoming available to an unintended third party.
This is the fourth study in an ongoing research effort that is being conducted into the volume and type of information that remains on computer hard disks offered for sale on the second hand market. The research has been undertaken to gain an understanding of the level and types of information that remains on these disks and to determine the damage that could, potentially be caused, if the information was misused. These studies have examined a large number of disks that have been purchased in a number of countries. The rationale for this was to determine whether there are any national or regional differences in the way that computer disks are disposed of and to compare the results for any regional or temporal trends.
The first study was carried out in 2005 and has been repeated annually with the scope extended to include additional research partners and countries during each of the subsequent years. The studies were carried out by British Telecommunications and the University of Glamorgan in the UK, Edith Cowan University in Australia and Longwood University in the USA.
The core methodology of the research has remained the same over the duration of the study: to acquire a number of second hand computer disks from a range of sources and then to determine whether they still contained information relating to a previous owner or if the device had been effectively erased. If the disks still contained information, the research examined whether it was in a sufficient volume and of enough sensitivity to the original owner to represent a risk if unintentionally exposed to a third party. One of the results of the research has been that for a very large proportion of the disks that have been examined, there was significant information present and both organisations and individuals were potentially exposed to the possibility of a compromise of sensitive information. Potential impacts of this might include embarrassment to individuals and organisations, fraud, blackmail and identity theft. It is noted that where the disks had originally been
owned by organisations, they had, in most cases, failed to meet their statutory, regulatory and legal obligations.
In the 2008 study, the fourth in the series, the research methodology that had been followed in the previous studies was repeated, but in addition the scope was again broadened geographically to include disks sourced from within France.
This Journal is indexed by the following services:
JICLT is a member of the Directory of Open-Access Journals (www.doaj.org). ISSN: 1901-8401.