142   Part III: What You Can Do

Although you may be expecting the attack to come from hackers and viruses, a 2007 study by Gartner shows that 90 percent of all security breaches occurred because of user missteps. That is, users brought the damage on because of their own actions (or lack of action).

Hard-drive decommissioning is the act of removing data from the hard drive before it is sent for recycling or repurposing. Unfortunately, this is often done incorrectly and, especially if you’re sending hundreds or thousands of computers out of your organization, it can be costly. On the flip side, data in the wrong hands can be even costlier. The cost can be measured in lost company information, trade secrets, and the like, as well as potential damage to your company’s reputation should the company be required to disclose the loss under one of the numerous data breach laws in effect around the world. To top it off, loss of certain types of data could be a civil and/or criminal liability for company officers.

Yes, criminal and civil action is a possibility because of the enactment of recent laws to protect individuals’ health and financial information. This section examines what you can do to keep your organization’s hard drives from giving up their secrets.

Consequences

Breached data can bring public relations, legal, and business repercussions. Data confidentiality is highly regulated by the U.S. Government. For example, the healthcare industry has Health Insurance Portability and Accountability Act (HIPAA) guidelines in place that put rules on confidential personal data. If that data gets out, the organization that lost it faces strict penalties. U.S. businesses and their employees and partners suffered huge losses after financial misdeeds by officers at Enron and Tyco International. As such, the Sarbanes-Oxley legislation places rules on financial data.

In the past, it was just a good idea to keep data secure. Now it’s the law. As a result of these laws, it isn’t just a customer or client who suffers if data is leaked. Now, companies can face huge financial penalties. Even more sobering, company officers and directors can face prison time.

Table 7-2 illustrates potential penalties if the laws are violated.

How to Clean a Hard Drive

Often, when selling an old computer, returning it after a lease, or recycling it, you simply reformat the drive or delete the files. When this is done, users tend to think that the data is gone, but it’s not.

By going through a reformat or deleting files, one tends to think that the data is gone—after all, “format” sounds like the process means business, and you even hear the hard drive buckling down and making some serious sounds.
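To make the point concrete, the following added example (not from the book) models a tiny disk image with a simplified FAT-like directory: deleting a file or quick-formatting only touches the directory sector, so the file's bytes are still there for a recovery tool to carve out, while an overwrite of every sector is what actually removes them. The layout, the "patients.txt" file and its contents are constructed for the illustration; nonblank_sectors() is the kind of check a decommissioning process can run over a drive or image before it leaves the building.

```python
# Constructed toy image: sector 0 is a directory of 32-byte entries
# (28-byte name, 2-byte start sector, 2-byte length); the rest is file data.
import struct

SECTOR, N_SECTORS = 512, 16
DELETED = 0xE5  # FAT-style "slot free" marker: only one directory byte changes

def write_file(img: bytearray, name: bytes, start: int, data: bytes) -> None:
    img[start * SECTOR:start * SECTOR + len(data)] = data
    slot = next(off for off in range(0, SECTOR, 32) if img[off] == 0)
    img[slot:slot + 32] = struct.pack("<28sHH", name, start, len(data))

def delete_file(img: bytearray, name: bytes) -> None:
    for off in range(0, SECTOR, 32):
        if img[off:off + 28].rstrip(b"\0") == name:
            img[off] = DELETED          # data sectors are left untouched
            return
    raise FileNotFoundError(name)

def quick_format(img: bytearray) -> None:
    img[0:SECTOR] = bytes(SECTOR)       # clears the directory, nothing else

def carve(img: bytearray, pattern: bytes) -> list[int]:
    """Offsets where `pattern` still sits in the data area (what recovery finds)."""
    hits, pos = [], img.find(pattern, SECTOR)
    while pos != -1:
        hits.append(pos)
        pos = img.find(pattern, pos + 1)
    return hits

def overwrite(img: bytearray, fill: int = 0) -> None:
    img[:] = bytes([fill]) * len(img)   # every sector, not just the metadata

def nonblank_sectors(img: bytes, fill: int = 0) -> list[int]:
    """Post-wipe check: indexes of sectors holding anything but `fill`."""
    blank = bytes([fill]) * SECTOR
    return [i for i in range(len(img) // SECTOR)
            if img[i * SECTOR:(i + 1) * SECTOR] != blank]

def demo() -> dict:
    img, secret = bytearray(SECTOR * N_SECTORS), b"SSN 123-45-6789"  # constructed
    write_file(img, b"patients.txt", 5, secret)
    delete_file(img, b"patients.txt")
    r = {"after_delete": len(carve(img, secret))}
    quick_format(img)
    r["after_format"] = len(carve(img, secret))
    r["dirty_before_wipe"] = nonblank_sectors(img)
    overwrite(img)
    r["after_overwrite"] = len(carve(img, secret))
    r["dirty_after_wipe"] = nonblank_sectors(img)
    return r
```

The same nonblank_sectors() check works on a real image read from disk with open(path, "rb"), which is how you confirm a wiped drive is actually blank rather than trusting the tool that reported success.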


                        Sarbanes-Oxley   Fair and Accurate Credit            HIPAA
                                         Transactions Act of 2003 (FACTA)
Directors and Officers  $1,000,000
Institution             $5,000,000       $11,000                             $50,000 to $250,000
Prison                  20 years                                             1 to 10 years

TABLE 7-2  Potential Penalties If Confidential Data Is Not Protected