Security Watch: Don't get burned by viruses and hackers
Data destruction--it's harder than you think
By Robert Vamosi 
Senior editor, CNET Reviews
June 10, 2005

On June 1, 2005, the Federal Trade Commission enacted new rules regarding proper data destruction relating to personal information such as names, addresses, and social security numbers. It's yet another provision of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), an act which among other things allows everyone in the United States and its territories to request a free credit report once a year from each of the major credit bureaus. But many of the FACTA provisions, though well intentioned, remain obscure. As the old saying goes, if a tree falls in the forest and no one's around to hear it, does it still make a sound? In other words, do you know whether this rule applies to you (chances are it does), and do you know how to purge data (chances are you don't)?

The fine print
The new FTC rules apply to just about anyone doing business these days, perhaps even you. Beyond the obvious candidates, credit bureaus and financial institutions, the new FTC requirements, known as the FACTA Disposal rule, extend to employers, landlords, automobile dealers, private investigators, debt collectors, and any individual who obtains credit reports on prospective contractors, such as nannies. According to the new FACTA rules, if you possess personal data within your workplace, you must make every effort to:

  • Burn, pulverize, or shred papers containing credit report information so that the information cannot be read or reconstructed.

  • Destroy or erase electronic files or media containing credit report information so that the information cannot be read or reconstructed.

  • Conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as credit report information consistent with the rule.

That means you can no longer toss credit report printouts in the trash; you must burn, pulverize, or shred them instead. Failure to comply with the new regulations can result in civil and state penalties up to $1,000 per violation. Federal penalties can be as high as $2,500 for each incident. Violators also may open themselves up to class-action suits.

So what about digital versions of credit information? Destroying or erasing data covers a lot of territory.

Digital deletion is much harder than it seems
Destroying a hard drive includes smashing it to pieces or drilling holes into the case so that the magnetic disk inside is destroyed. But erasing digital data "so that the information cannot be read or reconstructed" is ill-defined within the new FTC rule.

What if I told you that I could read all the deleted Windows OS files on any intact Windows OS hard drive? Or that law enforcement officers could reconstruct files you thought were long gone? Or that the hard drive you just bought on eBay might contain a gold mine in account information and passwords belonging to its previous owners? Back in 2001, I wrote about this in greater detail in a ZDNet AnchorDesk column on Windows data destruction and how hard it is to get rid of a single file.

In short, just because you delete a file within Windows doesn't mean that it's gone. On the contrary, within Windows there's plenty of evidence the file existed (temporary backups, earlier saved drafts), often stored in spaces where there appears to be no data (this is called slack space). The solution is to overwrite the data with new data (usually ones and zeros) and to do that several times--the more the better.
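
The overwrite approach described above, as an added Python example that is not from the article or from any of the tools it names: each pass writes zeros, ones, or random bytes over the file, rounded up to an assumed 4,096-byte cluster so the slack at the end of the last cluster is covered too. It assumes the file system rewrites blocks in place; the function names and cluster size are illustrative, and the default of 7 passes is the figure the article cites.

```python
import os
import secrets

CLUSTER = 4096  # assumed cluster size; a real tool would query the volume
PATTERNS = [b"\x00", b"\xff", None]  # zeros, ones, then random (None)


def padded_length(size, cluster=CLUSTER):
    """Round size up to whole clusters so slack past the last byte is covered."""
    return -(-size // cluster) * cluster


def overwrite_pass(fd, length, pattern, chunk=1 << 16):
    """Write `length` bytes of pattern (or random data) from offset 0, then flush."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = length
    while remaining:
        n = min(chunk, remaining)
        data = secrets.token_bytes(n) if pattern is None else pattern * n
        view = memoryview(data)
        while view:  # os.write may accept fewer bytes than offered
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)  # push this pass out of the OS cache before the next one


def shred(path, passes=7):  # 7 is the pass count cited in the article
    """Overwrite `path` `passes` times, rename it, delete it.

    Returns the number of bytes covered by each pass.
    """
    length = padded_length(os.path.getsize(path))
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        for i in range(passes):
            overwrite_pass(fd, length, PATTERNS[i % len(PATTERNS)])
    finally:
        os.close(fd)
    # Rename first so the directory entry no longer carries the original name.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return length
```

This covers only the named file and its trailing slack; the temporary backups and earlier saved drafts mentioned above live elsewhere on the disk and are not touched by it.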

Out, out, damn file
There are several free and downloadable products that work. One, Eraser, is notable because it will overwrite your data up to 35 times. By comparison, the government's own standard is 7 passes. I personally use the data shredder included within the Steganos Security Suite, which can overwrite data up to 100 times, more than enough to purge any data.

Even if you don't run a business, I recommend getting into the habit of shredding your electronic data. You never know when you might want to donate your old computer to a local school or charity or sell it on eBay. For more on FTC safeguards regarding consumer information see this PDF file.

Do you destroy electronic files? If not, why not? Talk back to me.





TalkBack
58 messages

Article discussion: Data destruction--it's harder than you think


Latest post:

"There is a better way folks."
by Dana1961 - November 26, 2007 7:36 AM PST
Good points all, but there is a better way. I represent a company called Destruct Data up near Boston. We have found for hard drives, nothing is better than "Secure erase". It's no...

Mobile hard drive, disk, CD, DVD shredding

Does this make sense...

I'm starting a business in Tampa offering mobile ...
by shewmakt - July 12, 2006 10:15 AM PDT

CyberScrub and cyberCide lead industry

CyberScrub data erasure products seem to be notoriously absent from this thread....
by jack_157 - January 10, 2006 11:37 AM PST

An old adage goes something like this:

"If you don't want it discovered, don't write it down."

If you don't abso...
by btljooz - December 23, 2005 10:42 AM PST

Some Interesting Information

There is a site on the net I have found to be very interesting. I will post the ...
by Eskiegirl302 - December 23, 2005 9:40 AM PST

Data destruction - it's easier than you think

How can you claim that data destruction is hard? It is extremely easy and basic...
by 9100107 - December 23, 2005 8:49 AM PST

freebees

I found a couple free shredder pgms and use them.
One makes 5 passes - 0000, ...
by tek835 - December 23, 2005 8:26 AM PST

Destroying data on CDs

I have tried to cut up CDs - nearly impossible.
I have also tried to run them...
by jpmathews - July 16, 2005 8:49 PM PDT

re:talkback

If you delete the partition that your current windows is on and reinstall window...
by zigjig - June 22, 2005 3:39 PM PDT

Why bother?????

There is nothing in my pc that could incriminate me in any way. I'm not involve...
by nycboy0156 - June 22, 2005 2:33 AM PDT


© 2008 CNET Networks, Inc., a CBS Company. All rights reserved.