Government IT disposal poses security breach risk


Government IT disposal poses security breach risk

Rebecca Thomson

Some 70% of central government departments do not check that data has been wiped from IT equipment they are disposing of, exposing them to potential security breaches, a ­report released yesterday by the National Audit Office has found.

The report said that although 90% of central government organisations wipe data from IT equipment before it is recycled or resold, most do not obtain evidence that data wiping has been carried out.

"Inadequate data wiping could give rise to security breaches if classified data is not properly removed, or the equipment on which it is held is not handled in a secure manner," said the report.

Most public sector organisations use third-party disposal agents to recycle their IT equipment. However, the report concluded that, "Many public bodies have inadequate oversight of the IT equipment disposal chain."

When public bodies are disposing of equipment they must comply with the Data Protection Act, which protects personal information, and the Official Secrets Act, which safeguards official information.

The report said that the problems are caused by the lack of an industry-wide framework. "There is no government-wide guidance specifically covering the disposal of IT equipment which clearly outlines the risks, legislative framework and practical implications for organisations," the National Audit Office said.

The report stated that there are also significant savings to be made in IT disposal - if departments copied the commercial world and disposed of units after three years instead of the current five-year lifetime. Doing so could have saved £70m in the 2005-2006 period the report found.

The National Audit Office recommends that the Office of Government Commerce, the Department for Environment, Food and Rural Affairs, the Department of Trade & Industry, and the Environment Agency - the public bodies with the greatest responsibility - should conduct a joint analysis into how to maximise the "whole life value" of IT equipment.

Discarded hard drives can be dangerous >>

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy