Thrown away - but just as sensitive
How does data end up in the wrong hands when you scrap your old PC, and, not least, why does data end up in the wrong hands? Ordinary users have to deal with firewalls, security codes and anti-virus software. These are necessary things that we all understand have to be in place to secure the data that we work with and that needs to be on the servers and PCs we use.
So what happens when we replace our old PC with a beautifully designed, lightweight new one? There is no doubt that many people forget to think of security when they write the last chapter of their old PC's life.
When old IT hardware is scrapped, it falls under the category WEEE and must therefore be returned to a distributor or a municipal collection station. The waste is then transported to a treatment plant for WEEE where the PCs are disassembled and environmentally treated before moving on to recovery. The plastic, metals, printed circuit boards, etc., are all reused via either material recovery or energy recovery.
We know that some WEEE is stolen before it arrives at the treatment plants Elretur uses. Thefts from collection cages outside distributors and break-ins and thefts from municipal collection stations occur every day. Old PCs are among the items that disappear. In the WEEE take-back industry we know that waste is illegally exported from Norway so, given the increasing problem of ID theft, no one should hand in an old PC today before they are sure everything on it has been erased.
1,340,000 new PCs were sold in Norway in 2008. But what happens to all the scrapped ones? Few people are aware that it is almost impossible to remove all information on a hard drive given the structure and design of today's operating systems. The erase commands on your PC do not remove the data stored on your computer. They simply change the structure, which means it is completely possible to reconstruct the data with freely available software. It is therefore imperative that approved erasing tools are used. Such erasing tools are approved by the Norwegian National Security Authority.
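The point above, that a delete changes only the structure and leaves the data in place, shown as an added example (not from the original article) on a constructed toy disk image in Python. The one-entry file table, the block layout and the sample text are assumptions made for illustration, and the zero fill stands in for an erasing tool, not an approved one.

```python
import hashlib

BLOCK = 512
SECRET = b"Payroll 2008: account 0000.00.00000 (constructed sample data)"

def build_image():
    """Constructed toy disk: block 0 is a one-entry file table, block 1 holds the file data."""
    img = bytearray(BLOCK * 8)
    # Table entry: in-use flag, data block number, length, padding, then the file name.
    img[0:4] = bytes([1, 1, len(SECRET), 0])
    img[4:16] = b"payroll.txt\x00"
    img[BLOCK:BLOCK + len(SECRET)] = SECRET
    return img

def delete_file(img):
    """What an ordinary delete does in this model: clear the in-use flag, leave the data."""
    img[0] = 0

def list_files(img):
    """What the operating system shows the user: only entries flagged as in use."""
    return [img[4:16].rstrip(b"\x00").decode()] if img[0] == 1 else []

def residual_blocks(img):
    """Numbers of the blocks that still contain any non-zero byte."""
    return [i for i in range(len(img) // BLOCK)
            if any(img[i * BLOCK:(i + 1) * BLOCK])]

def overwrite(img):
    """Single-pass zero fill of every block (hypothetical stand-in for an erasing tool)."""
    img[:] = bytes(len(img))

def erase_record(img):
    """Small record for documentation: size, residual block count, SHA-256 of the media."""
    return {"bytes": len(img), "residual": len(residual_blocks(img)),
            "sha256": hashlib.sha256(img).hexdigest()}

if __name__ == "__main__":
    disk = build_image()
    delete_file(disk)
    print("files visible after delete:", list_files(disk))
    print("data still on disk:", SECRET in disk, "blocks:", residual_blocks(disk))
    overwrite(disk)
    print("after overwrite:", erase_record(disk))
```

After the delete the file list is empty, yet both the table block and the data block still hold readable bytes; only the overwrite brings the residual block count to zero.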
In some places security is handled a little differently - and even though we would not recommend this method, the story from the Skien region about how a solution-oriented IT manager hid outdated PCs under coffins in a churchyard is perhaps the most amazing. He had reached an agreement with a gravedigger to bury hard drives in graves before the coffins were lowered into place. The vicar was probably unaware of all the hard drives that had been "secured" in this consecrated ground, and since the method came to light, data is no longer secured in this way in the Skien region!
Larger companies often have good routines for erasing old PC hardware. Elretur's dealings with private and public enterprises have taught us that data security practices vary greatly. Many small and medium-sized companies lack routines for disposing of PCs: where they are going to be scrapped and the security routines prior to scrapping. Old PCs are often given away to organisations or staff - without routines for erasing being in place. The consequences of inadequate routines for the disposal and erasing of old PCs can in such circumstances be that commercially sensitive information leaks out and that the personal privacy of employees is not protected.
You should therefore think security right up to the end. Data from your PC is accessible, even after you have scrapped it - unless you have erased it properly first!
Five good tips for scrapping old PC hardware:
- Decide how you want to scrap the hardware: through reuse or recovery?
- Consider whether there is a need/wish to reuse the storage media; this will affect the choice of erasing method.
- If you entrust your hardware to others, ensure that you learn how the data will be erased.
- Obtain documentation that the data has really been erased.
- A company or enterprise should establish a consistent security policy that includes routines for erasing data.
Normally PCs, home PCs, photocopiers, printers, fax machines, PDAs, telephones, mobile phones and digital cameras all contain data from their use. In other words, it is not enough just to erase old PCs in today's technological society.
