Study: 40% of used devices contain personal info

Here’s a new data point for IT professionals to ponder during their sleepless nights: 40% of electronic devices sold in publicly available resale channels contain Personally Identifiable Information (PII).

A study by the National Association for Information Destruction (NAID) analyzed hard drives, mobile phones and tablets. “While there have been similar studies over the past decade, the NAID study is unique insofar as the recovery process used to locate the data on more than 250 devices was, by design, not sophisticated nor was advanced forensic training required,” NAID said. “All methods leveraged downloadable shareware.”

PII recovered included credit card information, contact information, usernames and passwords, company and personal data, tax details and more. Interestingly, mobile phones were the devices with the lowest percent of PII (13%), which, given their ubiquity in the enterprise, is a break for IT security pros.

The numbers were far worse for hard drives (44%) and tablets (50%). NAID’s study included devices that had been previously deployed in both commercial and personal environments.

NAID chief executive Robert Johnson said that while the study’s results show a decrease in data found compared to past studies, “NAID employed only basic measures to extract data; imagine if we had asked our forensics agency to actually dig!”

Johnson said the results are not an indictment of reputable commercial services providing secure data erasure. “We know by the ongoing audits we conduct of NAID Certified service providers that when overwriting is properly done, it is a trustworthy and effect process,” he said. “The problem lies with service providers who are not qualified and, too often, with businesses and individuals who feel they can do it themselves.”

What makes the PII problem even more maddening for enterprise IT pros is that they might not even know an employee has traded in a personal electronic device used for work. Those long, sleepless nights are well-earned.

RELATED LINKS

Clouds cast long security shadow over enterprise IT

4 security tips for enterprise workers using public WiFi

What’s ahead for security and cloud adoption?

Trackbacks

  1. […] losing mobile devices to failing to use encryption on public Wi-Fi networks — can result in data loss and theft, brand damage, compliance penalties and […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: