If you're disposing of old documents such as bank statements or tax forms, security experts recommend shredding the paperwork so it can't be used by identity thieves. It's a practice everyone should be familiar with, since it may be the top recommendation for preventing identity theft.
However, many consumers and organizations are turning to a paperless world, and records once held in filing cabinets are now stored on computer hard drives. But computers eventually get replaced, and old computers get donated, recycled, handed down or refurbished — often with personally identifiable information (PII) still on the machine.
Pick up any old computer being tossed out on the street, and odds are its hard drive will still be in it — and will have a wealth of information about its previous owners.
Simply deleting the data by emptying the "trash" folder won't totally wipe all that information away. Before you dispose of an old personal computer, the experts recommend that the very least you do is fully reformat your hard drive and reinstall the operating system. A better bet is to wipe your hard drive clean.
"With computers, it isn't difficult to wipe data, if you understand what you are doing and do it correctly," said Greg Kelley, chief technology officer with Vestige Digital Investigations in Medina, Ohio.
"The most important thing to consider is that to be certain that you got all of your data, you need to wipe the entire hard drive," Kelley said. "Programs such as BCWipe and Eraser can perform this work."
An even easier way to do this, provided the user has Windows 7 or better, is to create a system repair disk and then format the hard drive using the standard format command, said Matthew Kinney, executive vice president of research and development with staffing-software maker BWSI in Phoenix.
"This also uses the write-zero approach, overwriting each block with binary zeroes, and is super easy," Kinney said. "I have recommended this to many of my friends who aren't tech people and have them use the instructions on About.com."
However, not every attempt to clean off the hard drive is 100 percent successful. If that's the case, and if you want to keep the hard drive with the computer, Kelley recommended taking the machine to a qualified computer technician to perform the work.
"Make sure that the computer technician is one [who] understands that deleting a file, formatting a hard drive or reinstalling an operating system doesn't render the data unrecoverable," Kelley said. "Those technicians will know enough to identify the proper tools to wipe your drive."
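As an added illustration (not from the article or from any of the tools it names), the sketch below applies the write-zero approach Kinney describes to a disk image file and then reads it back to confirm no block still holds data, the kind of check that catches an incomplete wipe. The 4096-byte block size, the function names and the sample records are assumptions constructed for the example.

```python
import os
import tempfile

BLOCK = 4096  # assumed block size in bytes for this example


def zero_fill(path, block=BLOCK):
    """Overwrite every block of the file or image at `path` with binary zeroes."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for start in range(0, size, block):
            f.write(bytes(min(block, size - start)))  # bytes(n) is n zero bytes
        f.flush()
        os.fsync(f.fileno())  # push the zeroes out of the OS cache
    return size


def nonzero_blocks(path, block=BLOCK):
    """Return the byte offsets of blocks that still contain non-zero data."""
    leftovers = []
    with open(path, "rb") as f:
        offset = 0
        while chunk := f.read(block):
            if any(chunk):
                leftovers.append(offset)
            offset += len(chunk)
    return leftovers


def demo():
    """Build a constructed 4-block image, wipe it, and verify the result."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            # Constructed sample contents: two empty blocks, two with records.
            for record in (b"", b"ACCT 0000 (constructed)", b"", b"TAX FORM (constructed)"):
                f.write(record.ljust(BLOCK, b"\0"))
        before = nonzero_blocks(path)
        zero_fill(path)
        return before, nonzero_blocks(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The check reads back only what the operating system exposes; on SSDs, wear leveling can leave old copies in cells that such a read never sees.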
If you have a solid-state drive (SSD) in your PC instead of a traditional spinning hard drive, most SSDs include disk-wiping utilities that should do the trick. Consult your SSD maker's website for instructions.
If you're sending your computer to be recycled, or you're donating it to a relative or a charity, the best way to protect your personal data is to simply remove the hard drive and physically destroy the drive.
Off the premises
Eliminating personal data from personal computers kept at home is relatively easy. The real problems lie with mobile devices and work computers. Smartphone and tablet owners now store a great deal of personally identifiable information on these devices. Apps are available to "wipe" the devices if they are lost or stolen, but the technology is still relatively new and some data can be left behind.
"Many cellphones have a 'restore to factory defaults' option that will delete data, but in many instances, it has been shown that this does not always work," said Adam Wosotowsky, messaging data architect at Santa Clara, Calif., digital-security firm McAfee. "Additionally, they are not overwriting the data multiple times to prevent forensic equipment from being able to recover it."
If you intend to never use the phone again, the best option is to physically destroy it. However, if you want to recycle the phone, your safest option may be to sell it to a company that refurbishes phones for resale.
The reason to follow this path, said Kyle Marks of Retire-IT, a Columbus, Ohio, firm specializing in computer disposal, is that these companies could end up being liable if your personal data is found on a device they refurbished and sold. In this case, it is in their best interest to make sure your data is safe.
Do you trust your boss?
Businesses also have an interest in making sure personal data is kept secure. But Marks pointed out that while most companies have a strict record of incoming inventory, they are more lax when it comes to disposal of equipment.
If your computer is being replaced, or if you are leaving the company, you will want to make sure that you have at least deleted everything that holds your personally identifiable information, including temporary files and browsing histories. You can also ask your IT support staff about what happens to old equipment, and whether the machines are wiped clean or the hard drives are reformatted.
"A mature, well-run company should have a formal procedure in place for computer disposal," Marks said. "But you have every right to be concerned if your IT support takes a 'we'll take care of it, don't worry' attitude when you ask about computer disposal."
Unfortunately, there might be nothing you can do about that.
"Once that data is on the computer, depending on company policy and local laws, you may no longer have ownership to that data," Kelley said.
Instead, Kelley said, leave your banking, personal emailing and social networking to your home computer. That way, you can control what happens to your personally identifiable information when the time comes to get rid of your old equipment.