25 Jan 2016

PRIVACY, SCHMIVACY…

January 25, 2016Uncategorized

USED SMARTPHONES OFTEN HOLD PAST USER’S DATA

Gartner Inc. predicts the global market for refurbished smartphones will grow to 120 million units by 2017, up from 56 million in 2014. Recycling is generally a good thing; however, in this case, it may be risky.  Deleting data on smartphones is not always easy and often is not done properly.  Research shows that the prevalence of data “ghosting” on resold devices shows more than one-third of secondhand smartphones contain information created by past users.  In an examination of 122 pieces of second-hand equipment, 48% of the hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts, photos and videos were retrieved from 35% of the mobile devices.

The examination also revealed that on 11% of the devices reviewed, only basic delete functions were performed before the device was resold. Researchers also found that often-used “quick-formatting” processes are unreliable, having been performed on 61% of the drives with data still present.

Needless to say, these survey results should capture the attention of everyone, on both a personal and corporate basis. Several concerns should be addressed in every organization’s policies and procedures, as well as any user:

BYOD policies: Does your BYOD (Bring Your Own Device) policy address the segregation of personal and organizational information?  Does the organization have the technology capability to manage this segregation and to enable deletion of organizational information while retaining the personal information?

Employee separation practices: Are you or your human resources department collecting company-owned phones and other portable devices as part of the exit procedure?  How does the BYOD policy address the segregation of personal from organization information?

Organization-owned devices: Does the policy allow for recycling or selling used devices when replacing them?  Does IT wipe data from the devices or does it rely on a third party?  What process and checklists are used in the process?

IT’S YOUR DATA, YOUR PRIVACY…