Association of Digital Forensics, Security and Law
Computing, Health and Science
Computer and Information Science, Centre for Security Research
All organisations, whether in the public or private sector, increasingly use computers and other devices that contain computer hard disks for the storage and processing of information relating to their business, their employees or their customers. Individual home users also increasingly use computers and other devices containing computer hard disks for the storage and processing of information relating to their private, personal affairs. It continues to be clear that the majority of organisations and individual home users still remain ignorant or misinformed of the volume and type of information that is stored on the hard disks that these devices contain and have not considered, or are unaware of, the potential impact of this information becoming available to their competitors or to people with criminal intent. This is the third study in an ongoing research effort that is being conducted into the volume and type of information that remains on computer hard disks offered for sale on the second hand market. The purpose of the research has been to gain an understanding of the information that remains on the disk and to determine the level of damage that could, potentially be caused, if the information fell into the wrong hands. The study examines disks that have been obtained in a number of countries to determine whether there is any detectable national or regional variance in the way that the disposal of computer disks is addressed and to compare the results for any other detectable regional or temporal trends. The first study was carried out in 2005 and was repeated in 2006 with the scope extended to include additional countries. The studies were carried out by British Telecommunications, the University of Glamorgan in the UK and Edith Cowan University in Australia. The basis of the research was to acquire a number of second hand computer disks from various sources and then determine whether they still contained information relating to a previous owner or if information had been effectively erased. If they still contained information, the research examined whether it was in a sufficient volume and of enough sensitivity to the original owner to be of value to either a competitor or a criminal. One of the results of the research was that, for a very large proportion of the disks that were examined, there was significant information present and both organisations and individuals were potentially exposed to the possibility of a compromise of sensitive information and identity theft. The report noted that where the disks had originally been owned by organisations, they had, in most cases, failed to meet their statutory, regulatory and legal obligations. In the third and latest study, conducted in 2007, the research methodology of the previous two studies conducted was repeated, but in addition to Longwood University in the USA joining the research effort, the scope was broadened geographically and the focus was extended to determine what changes had occurred in the availability of sensitive information might be occurring over time.