Data Dredging, Rule For Disposal, Dot XXX

The rule is meant to stop identity thieves from 'Dumpster diving.'

John Soat, Contributor

June 3, 2005

3 Min Read
InformationWeek logo in a gray background | InformationWeek

DREDGING UP DATA. O&O Software, a developer of hard-drive utilities, last week released the results of a study it conducted recently in which O&O researchers bought 200 used hard drives on online-auction site eBay, then examined them for recoverable data. According to O&O, almost three-quarters of the disks held data the company could--and did--rebuild, including the internal memos and legal correspondence of an unnamed government agency, credit ratings from a major German bank, and documents related to accusations of fraud and embezzlement at a midsize company. But data-protection practices are getting better, O&O says. In a similar study conducted last year, researchers discovered that 88% of the 100 disks they bought on eBay contained recoverable data.

SMASH THAT HARD DRIVE! Ironically (or perhaps not), under a new Disposal Rule--part of the Fair and Accurate Credit Transactions Act of 2003--that took effect last week, companies that use data derived from consumer reports for business purposes must dispose of those records in such a way as to ensure that they cannot be misappropriated or misused. Compliance may require establishing policies to burn, pulverize, or shred documents, and destroy or erase electronic media so the information can't be read or reconstructed. If an outside contractor is used, due diligence is required to ensure that consumer-report information is handled properly and destroyed completely. The goal is to try to prevent criminals from obtaining personal information from discarded materials through "Dumpster diving," says Karen Armstrong, an attorney with the Federal Trade Commission's Bureau of Consumer Protection. Says Armstrong: "If you were an identity thief and you wanted to steal someone's identity, a consumer report would be the perfect document."

XXX MARKS THE SPOT. Quick, what's the only X-rated movie to win an Academy Award for Best Picture? Midnight Cowboy, of course. But that was back when an "X" rating simply denoted a movie with adult themes. The porno industry appropriated the moniker--embraced it, so to speak--even embellishing it to make the "XXX" designation. Last week, the Internet Corporation for Assigned Names and Numbers approved the proposal of ICM Registry to create a .XXX domain name for adult-oriented Web sites. ICM plans to sell .XXX Web-site addresses for $60 apiece, according to The Associated Press, roughly 10 times more than prices other companies charge for dot-com names. Several U.S. politicians, including Sen. Joseph Lieberman, have been lobbying ICANN to create the .XXX designation, saying it will help segregate adult content on the Internet and shield kids from it.

Wait, you can recover data from an erased hard drive? I can't find data that's on my hard drive now, so if erasing it helps me find what I'm looking for, show me the erase key. I won't erase an industry tip, so send it to [email protected] or phone 516-562-5326. If you want to talk about recovering data, Dumpster diving, or the Academy Awards, meet me at InformationWeek.com's Listening Post: informationweek.com/forum/johnsoat.

To discuss this column with other readers, please visit John Soat's forum on the Listening Post.

To find out more about John Soat, please visit his page on the Listening Post.

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights