The Risky Business Of Data Deletion

Companies face huge challenges when it comes to determining what data to keep and what to delete.

J. Nicholas Hoover, Senior Editor, InformationWeek Government

September 30, 2006

Beyond the basics, there are dozens of products that say they render data unrecoverable. Robin Hood Software's Web site says its not-so-subtly named Evidence Eliminator software renders data unrecoverable by the Secret Service and Scotland Yard. But former Bowne CEO and Newsday publisher Bob Johnson used Evidence Eliminator to destroy more than 12,000 files from his work computers during a 2004 child pornography investigation and ended up pleading guilty to the charges, including an obstruction charge related to his use of the data deletion product.

Other products range from open source freeware such as Darik's Boot and Nuke, which renders data on PC hard drives unrecoverable, to multiseat products such as Kroll OnTrack's Data Eraser, CyberScrub's Cybercide, and a full line from Finland's Blancco, all of which work on PCs and storage media. Kroll OnTrack and others make degaussers, hardware that bombards hard drives with heavy doses of magnetism to render them unusable. Secure deletion comes as a feature in EMC's Centera, a content management and storage archive, and IBM's FileNet Records Manager. EMC's Documentum has built-in records management that can, for example, tag SAP transactions and e-mail with retention periods and notify designated people when data is about to be destroyed. EMC and other companies also offer deletion services.

[Figure: Lawsuit Circumvention (pie chart)]

Not all the products work as claimed: a Carnegie Mellon University graduate student testing three consumer data deletion products last year found that none was able to remove all sensitive information.

The ones that do work overwrite deleted data several times with randomized code. Even so, forensic examiners often can determine that a data-wiping program has been used. If a drive has never been written to, it's blank, and the empty space looks like nothing to the examiner. However, once it has been written to, even with random characters as happens with today's data-wiping programs, the space doesn't appear empty. Sometimes, examiners can tell when the data was deleted and by whom.
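The distinction an examiner draws between never-written space and randomly overwritten space can be sketched as a block-by-block entropy survey. This is an added example, not code from the article or from any product it names; the 4096-byte block size, the 7.5 bits-per-byte threshold, and the sample image are assumptions constructed for illustration, and the fixed-pattern case goes slightly beyond the random overwrite the article describes.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # assumed analysis granularity, not taken from the article

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes, random_threshold: float = 7.5) -> str:
    """Label one block the way a first-pass forensic triage might."""
    if not any(block):
        return "blank"           # all 0x00: looks never written
    if len(set(block)) == 1:
        return "fixed-pattern"   # one repeated non-zero byte, e.g. a 0xFF fill
    if entropy(block) >= random_threshold:
        # Consistent with a random overwrite pass. Encrypted or compressed
        # files score the same, so this is a lead, not proof of wiping.
        return "random-like"
    return "data"

def survey(image: bytes, block_size: int = BLOCK) -> Counter:
    """Count block labels across a raw image."""
    tally = Counter()
    for off in range(0, len(image), block_size):
        tally[classify(image[off:off + block_size])] += 1
    return tally

def build_sample_image() -> bytes:
    """Constructed sample: 4 blank, 2 text, 3 random, 1 pattern-filled block."""
    rng = random.Random(2006)  # fixed seed so the sample is reproducible
    text = (b"Payroll record retained under policy. " * 200)[:BLOCK]
    wiped = bytes(rng.getrandbits(8) for _ in range(BLOCK * 3))
    return bytes(BLOCK * 4) + text * 2 + wiped + b"\xff" * BLOCK

if __name__ == "__main__":
    for label, count in sorted(survey(build_sample_image()).items()):
        print(f"{label:14s}{count} blocks")
```

A long run of random-like blocks in space the file system reports as unallocated is the kind of signal that tells an examiner a wiping tool has been run, even though the original contents are gone.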

Those who don't want to use products or convoluted self-deletion methods might try what car dealership South Shore Imported Cars CIO Jack Daniel does whenever a drive is failing. "I'm an amateur blacksmith in my spare time," he says. "I heat a drive up to several thousand degrees, and it destroys the data." And the drive, too.

Big Picture
Data deletion is only a piece of the bigger data management picture, where an increasing number of laws and regulations require companies to keep all sorts of data. Payroll records can go to the rubbish bin only after somewhere between three and seven years, depending on the company and relevant law. Medical records sometimes must be kept until two years after a patient's death. The Sarbanes-Oxley Act requires accounting firms that audit public companies to keep related documents for seven years after the audit.

In addition to regulatory requirements, the health-care industry's use of digital medical records means data stores are increasing exponentially. "The industry is stuck trying to keep pace with it," says John Wade, executive director of the Kansas City Regional Electronic Exchange, a secure health information exchange. "You're going from terabytes to petabytes to whatever the next number is in an astonishingly short period of time."

Backups at packaging company Huhtamaki Americas have hit 2 terabytes a night, making managing that old data a problem. "There are files out there that are really old and nobody's cleaned them up," says IT project manager Mike Pettigrew.

A storage area network Pettigrew installed last year already has been upgraded twice. Huhtamaki plans to install Xerox's DocuShare document management system, which will put a time stamp on every document employees create, track aging documents, and prompt managers to make decisions about them after a set amount of time.

Formulating policies to manage all that data can be complex, too. With lifetime warranties on all the swimming pools it builds, Anthony & Sylvan Pools has kept every one of its 400,000 contracts and tries to hold onto customer e-mails as well. "You never know when you may need it in the future," VP of IT Anthony Pizzelanti says. "If we ever run into a capacity issue, the thing we'd do is probably just add more disks."

On the flip side, Anthony & Sylvan tells employees to delete other e-mails and compress their e-mail archives whenever space limits are reached. The company also deletes employment applications after a year because they no longer hold any value and could potentially be fodder for lawsuits. It also wipes disks seven times before getting rid of a computer or transitioning it to a new owner.

Data deletion technology is also being used to fight thefts of laptops and storage media that have put enormous amounts of data at risk. This spring, Everdream and Absolute Software each came out with products that securely delete or encrypt information on a stolen laptop as soon as the device connects to the Internet. A similar capability is built into the newest version of the Palm Treo.

For companies that have a policy and the right tools in place, the final piece of the data management puzzle is making sure employees understand their role. They must know the ramifications of deleting or keeping each piece of data they handle. "Laws change, regulations change, data media change, so it's not a one-time effort," says Wade of the Kansas City Regional Electronic Exchange.

Short of locking down every computer, the best way to prevent rogue data deletion or rule-breaking data transfers is to convey your company's data management policy to all employees. That will eliminate 99% of potential problems. What about the other 1%? Unfortunately, there will always be room for misuse.
