I work in a banking environment, and when we erase old drives to be donated we have to use professional software that provides documentation saying that the drive is erased. In our case, we use blancco. http://www.blancco.com/us/frontpage/ If the drive fails any part of the erasure it gets tossed into a box to be physically destroyed by another professional service that certifies the destruction. (I feel for the people that have to write down hundreds of serial numbers and disk sizes.) If you're just sending back to HQ, then maybe they plan on doing something similar as someone else said and the erasure you're doing is just an intermediate step. Not to say it's a safe one. As far as liability goes I cannot say.
From: [email protected] [mailto:[email protected]] On Behalf Of Jon Harris Sent: Wednesday, January 28, 2015 10:36 PM To: [email protected] Subject: RE: [NTSysADM] Freeware in a corporate setting Does the bank understand that software wiping is not considered safe for release of sensitive information? Admittedly I doubt the company receiving the old machines would want to pay the price to recover the "wiped" data but I am sure it could be done. It would just depend on how much someone wanted to pay to recover the drive's data. Jon _____ Date: Wed, 28 Jan 2015 22:27:55 -0500 Subject: Re: [NTSysADM] Freeware in a corporate setting From: [email protected] To: [email protected] Mark, You are right, I do need to give you some more information, so here goes: The computer/laptops are on lease. They need to be 'swapped out', hence the end-users are getting new equipment that is on lease. The instructions specify that the old hard drives need to be wiped. No del *.* or formatting is allowed. These are the instructions I received on the first day: 1. Bring black markers 2. Bring packing tape and a taping gun 3. Make a copy of UBCD, latest version on CD. Bring that with you onsite. You are to use it to wipe the drive. DO NOT FORMAT THE HARD DRIVE. DRIVE MUST BE WIPED. 4. 2 hour time limit on each computer you work on. Ok to go 2.5 hours, but if longer than that call helpdesk number for approval. 5. After capture of user profile data, swap out old equipment wit new equipment and perform restore. After restore is done, have user open all applications and determine that their data is back on the new equipment. Once they are satisfied that their data is there wipe the hard drive with the software that you brought. 6. Package old equipment in shipping container that new equipment came in and apply supplied shipping label to box. I will be glad to supply more info if anyone desires it. Daniel On Wed, Jan 28, 2015 at 10:09 PM, Mark Liechty <[email protected]> wrote: I disagree. If you are told what software to use and you are given specific instructions in writing as to the procedure then you are not on the hook for if the software performs from a legal compliance point of view. If it is a bank and they say that all you needed to do was del *.* and toss in the goodwill donation bin then you do as you are told. The exception would be if you were somehow a legal compliance expert and data security was part of your contract. As for software licensing again, if you get specific instructions then who are you to challenge what license agreement may or may not be in place from the company who hires you to performa a specific tasks. Note that this is 100% different than if you are told to securely wipe xx drives to meet yy standards for zz compliance reasons and you must also backup preserve some portion of user data. The rest of this is us having a good time at your expense. The way you outline things you are not really a contractor anyway. You cannot get that tight of procedures and be "independent" but that is a totally separate issue. If you don't like the job quitting is also an option. > ####### > It's up to you to discover the license, read it, and decide for > yourself what it means, and if you have problems with it, then report > it to the responsible parties for a decision. DISCLAIMER: This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of The Citizens Bank. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify [email protected]. The sender believes that this E-mail and any attachments did not contain a virus, worm, Trojan horse, and/or malicious code when sent. This message and its attachments could have been infected during transmission. By reading the message and opening any attachments, the recipient accepts full responsibility for taking protective and remedial action about viruses and other defects.
