This time it was the University of Glamorgan, who purchased a selection of second-hand computers via the internet and then examined them to see what was left. Many of the machines included sensitive data, and in several cases enough information was left over to allow a successful attack on the previous owner's systems. This is hardly reassuring.
Of course, it is not a new problem. It isn't just the sensitivity of the data that concerns business users, but also software licensing issues that affect disposal of computer equipment. In the UK the Data Protection Act imposes clear responsibilities to remove sensitive data, but so far few prosecutions have been pursued.
More disappointing was the press coverage, with a number of "experts" (none, I noticed, from the security community) saying that the requisite software was specialist and expensive.
Specialist, certainly, but not expensive. There are some very good free tools available (e.g. Darik's Boot and Nuke, http://dban.sourceforge.net) and even the government-approved tools from Blancco and Kroll Ontrack are well within the average home user's spending limits. Government standards involve multiple overwrite passes, to reduce the residual data and increase the cost of recovery.
If you're really worried, appropriate physical destruction of the media is the best route (as a friend of mine put it, if you don't have to pull a pin out and stand well back, it isn't secure destruction). Even with secure overwrites, good data forensics companies can often retrieve enough to cause problems. But that kind of recovery is not cheap, and a single-pass overwrite raises the bar well out of the reach of your average crook.
It is also surprising that, given the recent publicity (or hype) regarding ID theft, with sales of personal shredders at an all-time high, people are still ignorant of the need to "shred" data.
It seems a bit strange that the average home or corporate PC comes complete with a "recovery" CD that takes things back to a factory configuration, but never a "recycle" boot disk to prepare it for the dustbin or eBay.
Home users can perhaps be excused their ignorance, but businesses and education (the main culprits in most of the studies) have no excuse. Be sure to recycle your PC – not your data.