The inadequate disposal methods of PCs containing sensitive data remains a serious problem among UK businesses, in spite of new legislation aimed at better managing chemical waste.
As much as a third of corporate PCs sent for disposal by UK companies could contain sensitive data, according to a survey conducted by Vanson Bourne on behalf of Lenovo, the PC maker.
The survey of 300 businesses reveals these lapses in data security occur across the board in equal measure in both mid-size and large enterprises. In the mid-market sector, 30% of interviewees admitted that they had “possibly, probably or definitely” left data on a decommissioned PC. Similarly, about 29% of IT managers in the large enterprise sector - companies with more than 1,000 staff - admitted the same practice.
Lenovo claims that, in spite of high-profile security leaks from lost IT hardware, as well as the Waste Electrical and Electronic Equipment (WEEE) directive, which stipulates that business must recycle IT equipments, most companies were still unaware of the proper measures needed for security.
Most companies have little idea about what is being stored on their computers. More than half of the respondents said they allowed employees to save all types of file to their computers, including company financial and legal information. Only one in ten had strict guidelines for employees on how to regularly clean up and audit their hard discs.
Further, most respondents stated that they believed that formatting a hard disc removed the sensitive data. However, Chris Wells, vice president UK and Ireland at Lenovo, said this information could be easily retrieved by third parties that were not entitled to see the data.
"It is essential for organisations to consider secure data disposal when refreshing end-of-life computers in order to avoid becoming susceptible to potentially immeasurable business risk," said Wells.
The issue of improper disposal of PCs and removal of sensitive information has been in the media for some months. Recent reports have claimed that criminal gangs in West Africa have been able to retrieve and sell confidential financial data, such as bank account details, from PCs sent from the UK.
Lenovo also used the survey launch to promote its Secure Data Disposal product, which removes data from hard drives.