How much information do organizations throw away?

Abstract

Organizations discard computers with vital IP on disks More than 100 disposed disks, that were released from random organizations for reuse or recycling were analysed by University of Glamorgan for sensitive data. The disks were scrutinised to reveal if there was any important information left on the disks that could link the discarded equipment to an organization, reveal usernames or financial data. The researchers managed to link more than half of the disks easily to the organization's of origin. These included a pharmaceutical company, a major leisure services company, a university and a school. The findings were alarming and potentially devastating to an organization or individual. Some of the disks contained enough valuable information to enable industrial espionage, identity theft, fraud, blackmail or network intrusion. A disk from a major leisure service company came from the finance department and gave a very accurate financial forecast, which would be of great interest to a competitor or financial analyst. The newspapers 123 have been warning us for some time of the dangers and costs of identity theft and the problems that it causes for individuals that are affected by it. At the same time, the UK Government is publicising initiatives such as Warning, Advice and Reporting Point (WARP) 4 and IT Security Awareness For Everyone (ITsafe) 5 aimed at improving information security awareness. It is therefore somewhat disturbing that recent research from universities in the UK and Australia has revealed that organizations that are entrusted with personal and corporate information seem to be failing to take adequate measures to protect it.