This week The Times reported that private material, including ‘naked selfies’ and personal emails, had been found on second-hand smartphones despite the devices having supposedly been wiped of all their information. The second hand android phones, purchased from online retailer eBay, were found to include photos of children, indecent images and even personal information such as addresses and location data, meaning previous owners identities and whereabouts could be accessed.
Personal data isn’t just found on mobile devices, it also extends to computers and tablets too. Also with the increasing popularity of BYOD policies, many people are using their personal devices for work use and vice versa. This means that there isn’t just a risk that personal information can be found on wiped devices, but that confidential company information can be accessed too. Many devices used by people for both work and pleasure tend to be sold on, with users assuming that they are totally cleared of all previous historical data. However they need to think again, as simply wiping the data isn’t enough! As a result of this, businesses are at risk of their employees inadvertently leaking highly sensitive data.
In order to manage the dangers associated with mishandled information, companies must take a preventative approach, including best practice training for employees, and the necessary security policies when disposing of devices.
An individual’s right to privacy versus employer rights to audit privately owned devices must also be reconciled. BYOD procedures, for example, should provide a list of devices approved by the firm and determine which corporate applications can be accessed should an investigation be necessary. IT departments should therefore have the means and the authority to wipe corporate data from personal devices used to access work information. This enables companies to ensure that their data is securely wiped from all devices before they are sold or disposed of.
So next time you think you have a wiped smartphone, take a closer look!
By Phil Beckett, managing director at Proven Legal Technologies
Phil Beckett is a Managing Director at Proven Legal Technologies and joined the team after spending seven years leading Navigant Consulting Inc’s European Forensic Technology practice.
Throughout his career Phil has provided advice to lawyers, regulators, corporate entities, not-for-profit organisations and other stakeholders in relation to forensic investigations and e-disclosure projects in both the public and private sectors in the UK and also internationally. He specialises in advising clients concerning the preservation and investigation of digital evidence, the interrogation of complex data sets and the disclosure of electronic documents. He is also a qualified fraud examiner and has been a recognised court expert in relation to various aspects of digital evidence, producing numerous expert reports.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.