Lab tests prove that personal records are leaking out of companies
Patient health records, social security numbers, bank account numbers and internal auditing procedures are examples of the kinds of information that is unknowingly “leaking” out of data centers. This disturbing trend is the result of companies improperly disposing of used data storage products at end-of-life, including a growing practice of selling used computer tape cartridges to so-called “recertifiers.” Imation announced it has uncovered these and other serious data security and financial risks facing Corporate America due to improper destruction of used data storage products.
Data leaks occur when data storage managers, who increasingly face budget constraints, sell or give tape cartridges containing company data to a reseller who claims to erase or destroy the data. The reseller often “recertifies” the cartridges without fully erasing the data then sells them back into the market. In many cases, the data storage manager is unaware of this practice as it is these cartridges that often contain confidential company and customer data.
Imation has determined through its testing that many tape cartridges, especially those with magnetic servo tracks, cannot in fact be completely wiped clean. With today’s high-capacity cartridges, significant amounts of data may be left intact and exposed to unwanted breaches. A typical tape cartridge can store hundreds of gigabytes of data, with the most current high-end cartridges holding up to a terabyte of data. An estimated one million cartridges are “recertified” each year.
While the practice of reselling used tape was established to mitigate budget constraints, the costs associated with data breaches can far outweigh any savings. According to industry analysts and others who study the financial, security and reputation risks of data breaches, the cost to companies resulting from the failure to protect data is growing each year. In a 2006 report from the Ponemon Institute (2006 Annual Study: Cost of a Data Breach) the average cost to companies per lost customer record as a result of a data breach is $182. Multiply this by the thousands of individual records that may remain on improperly retired used data storage products, and the financial risk to these companies becomes apparent.
According to the Privacy Rights Clearinghouse, as of early October 2008, more than 245 million personal records have been exposed as the result of data breaches in the last three years alone, and that number is on the rise. In addition, the Ponemon Institute study found that more than 90 percent of data breaches occur in digital form and the costs associated with data loss are rising into the billions of dollars each year.