Back in the good old days, hackers rooted through companies' dumpsters in search of Wide Area Telephone System (WATS) numbers, which they could use to make free phone calls. Nowadays, those dumpsters contain something far more valuable: hard drives. In fact, modern snoops can skip the dumpster diving; they can simply buy secondhand, dirt-cheap drives on eBay.

Recently, M.I.T. graduate students Simson Garfinkel and Abhi Shelat made headlines when they discovered just how vulnerable your old hard disks could be.

The pair purchased 158 secondhand drives. On the 129 drives that were still working, they found thousands of active credit card numbers, along with pharmaceutical records, legal correspondence, corporate memoranda, and, of course, pornography. In addition, 66 of the drives had more than 5 e-mail messages; one had more than 9,500. Only 12 had been properly and thoroughly cleansed of recoverable data.

While few thieves are likely to carry out a recovery effort as extensive as Garfinkel and Shelat's, it is still foolish to think that data on your discarded hard drive can't be read by someone else. In fact, doing so isn't always illegal. The U.S. Supreme Court ruled in California vs. Greenwood that discarded materials confer no right to privacy, giving individuals the right to whatever they find on secondhand drives.

Sanitize your old drive
So what can you do? Simply reformatting your drive is not enough. Of the working drives, Garfinkel and Shelat found that 51 had been freshly formatted; 19 of those still held recoverable data. As long as it's not overwritten by new data, old data can still be recovered by others. Another factor: As I've written before, Windows copies all of your data and stores it in multiple places, so it's sometimes possible to reconstruct deleted files.

Garfinkel and Shelat identify three ways to sanitize your old hard drive. To be completely safe, you could always physically destroy the drive by smashing it to pieces. If that's too extreme, you can demagnetize the drive with a Type I or Type II degauss tool. Or--and this is the most practical--you could overwrite all the data with a utility called a disk sanitizer. There are dozens of these programs available for download.

It would be nice if hardware vendors helped, too. The authors say every hard drive should come with sanitizing tools. In addition, Garfinkel and Shelat say that a hard drive should automatically encrypt every block of data written to it and decrypt every block read from it. This would allow you to render the drive unreadable by removing the encryption keys with a manual self-destruct procedure.

Easy steps to follow
Until those things happen, I suggest you start using PGP to encrypt all your e-mail. You should also encrypt Microsoft Word, Excel, and other sensitive documents with programs such as PKZip or CuteZip. Finally, delete files you want to keep private on a regular basis using a sanitizing program such as Eraser.

One other way you can protect yourself: don't automatically throw your old hard drive in a dumpster or hawk it on eBay. Consider using it as a second drive on your new machine; you can always use extra storage space. If you do decide to discard or give away the old drive, be sure to install Eraser on the new drive and overwrite the old one several times.

Don't let someone steal your private data. If you follow the suggestions I've laid out, you're less likely to become a victim.

Are you concerned about your personal data being stolen from your old hard drives? Do you sanitize your drives? If so, how? TalkBack to me!

Senior Associate Editor Robert Vamosi covers hoaxes, viruses, and security threats for CNET Reviews. Have a question for him? Let him know!