Does the bank understand that software wiping is not considered safe for release of sensitive information? Admittedly I doubt the company receiving the old machines would want to pay the price to recover the "wiped" data but I am sure it could be done. It would just depend on how much someone wanted to pay to recover the drive's data. Jon Date: Wed, 28 Jan 2015 22:27:55 -0500 Subject: Re: [NTSysADM] Freeware in a corporate setting From: [email protected] To: [email protected]
Mark, You are right, I do need to give you some more information, so here goes: The computer/laptops are on lease. They need to be 'swapped out', hence the end-users are getting new equipment that is on lease. The instructions specify that the old hard drives need to be wiped. No del *.* or formatting is allowed. These are the instructions I received on the first day: 1. Bring black markers 2. Bring packing tape and a taping gun 3. Make a copy of UBCD, latest version on CD. Bring that with you onsite. You are to use it to wipe the drive. DO NOT FORMAT THE HARD DRIVE. DRIVE MUST BE WIPED. 4. 2 hour time limit on each computer you work on. Ok to go 2.5 hours, but if longer than that call helpdesk number for approval. 5. After capture of user profile data, swap out old equipment wit new equipment and perform restore. After restore is done, have user open all applications and determine that their data is back on the new equipment. Once they are satisfied that their data is there wipe the hard drive with the software that you brought. 6. Package old equipment in shipping container that new equipment came in and apply supplied shipping label to box. I will be glad to supply more info if anyone desires it. Daniel On Wed, Jan 28, 2015 at 10:09 PM, Mark Liechty <[email protected]> wrote: I disagree. If you are told what software to use and you are given specific instructions in writing as to the procedure then you are not on the hook for if the software performs from a legal compliance point of view. If it is a bank and they say that all you needed to do was del *.* and toss in the goodwill donation bin then you do as you are told. The exception would be if you were somehow a legal compliance expert and data security was part of your contract. As for software licensing again, if you get specific instructions then who are you to challenge what license agreement may or may not be in place from the company who hires you to performa a specific tasks. Note that this is 100% different than if you are told to securely wipe xx drives to meet yy standards for zz compliance reasons and you must also backup preserve some portion of user data. The rest of this is us having a good time at your expense. The way you outline things you are not really a contractor anyway. You cannot get that tight of procedures and be “independent” but that is a totally separate issue. If you don’t like the job quitting is also an option. > ####### > It's up to you to discover the license, read it, and decide for > yourself what it means, and if you have problems with it, then report > it to the responsible parties for a decision. -- Daniel Rodriguez [email protected]
