It’s not just a case of hitting delete and clearing out the recycle bin to get rid of those files you no longer need. When it comes to personally identifiable information (PII), and that of your customers’, lurking in your data, you are under obligation, particularly when it comes to GDPR, to ensure that data is deleted responsibly, and does not leave you vulnerable to non-compliance, as well as hackers and cyber criminals.
It may surprise you to learn that deleting files, by pressing delete, does not mean they are actually deleted, only the name of the document or file disappears from your inventory. The file itself is just marked as a ‘free space’ to be covered up with other code as and when that space is needed for another file. Until the space is required and overwritten, it exists and is recoverable. This also applies when you clear out your recycle bin. A file recovery program can search for deleted files and easily restore them. If they’ve been overwritten in part, the part that hasn’t can still be recovered.
However, please note, that for computers with solid state drives (SSDs), this does not apply. Deleted files cannot be recovered since SSDs work differently, with data erased immediately delete is pressed.
It’s estimated that around 30% of computers that are sold on, contain ‘easily recoverable’ PII. In a recent project in the U.S., a researcher bought 85 old computers and reported that he found only two of them had been properly wiped. He was able to gather hundreds of thousands of individual pieces of PII, ranging from images to email address to social security numbers and bank details. Although the average non-technical person would not be able to recover this information, someone with some tech ability can. The information they recover has value, and is often sold on to hackers and cyber criminals who make use of it.
You can protect yourself, and your business, against the recovery of sensitive personal information by properly and safely deleting data so that it is permanently deleted and non-recoverable. Aside from smashing hard drives to bits with a hammer, the best approach is to use a file shredder or eraser program. There are many free ones available and quite simple to use.
File shredder programs work by overwriting the files you want to delete with other code so that, in theory, they are no longer recoverable. There is still research to be done on whether there are ‘traces’ of the data still left as recognisable, and special attention needs to be paid to ensure that the files you wish to erase have not been moved about on your drive, that temporary and cached data hasn’t been copied elsewhere. Advice is to shred/erase files regularly, clear out browser history and temporary files, and check there are no copies lurking elsewhere.
If in doubt, and you feel you need further advice on deleting files permanently, on selecting the right file shredder program, or how your ability to delete data affects your GDPR compliance, contact our experts at Cultrix for a confidential chat about your approach to data management.
How can you make sure you’re using all that technology has to offer your business?
We always say at Cultrix, that if you have nagging doubts you could be using technology better, then the chances are, you probably could.
Weighing up the costs of maintaining or replacing your computers
If you’re having the debate of whether to replace any, or all, of your business computers and/or laptops, then the likelihood is you probably should.