How-To Geek

I was recently reading about laws/mandates/regulations concerning data wiping, such as HIPAA and PIPEDA. I've also read about various data wiping utilities being compliant or noncompliant with these laws (DBAN, for example, is apparently non-compliant). I even ran across xxxxxxx.

I'm confused though... what exactly does all this mean? I've gotten the impression that it is something that mainly affects corporations whose computers might contain sensitive data, but I also read something about needing to wipe your HDD in a compliant manner if you wish to donate your old PC. What do these laws mean to me and my personal computer use?

Is it illegal to use a noncompliant utility to wipe my HDD?

Thanks!

Edit by mod. Direct download links are strictly forbidden here.

Are you sure you are talking about 'laws'' vs. mandates or regulations?

From your link :

==============
It should be noted that DBAN does not comply with mandates such as HIPAA or Sorbanes-Oxley,
==============

Government and businesses usually have much more stringent requirements for 'cleaning' a disk than a home user...

Again, from your link :

===============
For most home users DBAN should be fine to use for the purpose of making personal data impossible to recover from an old hard drive.
===============

It might be 'laws' though, but they pertain to the loss of data and responsibility I think?

Check this LINK though.

Irv S.

Some Reading;

http://www.it.cornell.edu/secu.....struct.cfm

http://en.wikipedia.org/wiki/D.....compliance

http://en.wikipedia.org/wiki/D.....t_and_Nuke

Mike

Yes, but depends on the data.

If you have details on members on databases for a club, or society, that you no longer work for/with, for example.

I still don't think it is a 'law', hence illegal? I think if data WERE recovered from the drive and 'losses' happened because you didn't wipe it correctly, you could be held liable? It is all about taking the proper precautions and protection.

I guess if you were a CIA agent and had sensitive data on YOUR personal computer, wiped the drive in a non-recommended method, sold the computer, and someone retrieved the sensitive data off of it, and it was discovered the data was compromised because of what you did, you could be in BIG trouble. If on the other hand it was just your social security number that was there, wiped in the non-preferred method, sold, and someone got that SS number and did some identity theft with it, even if discovered how they got the number, nothing might happen? Who knows... Of course, I am NOT a Lawyer either.

Worried, consult a Lawyer, don't trust us.

Irv S.

@Bobro, I had a similar experience with a laptop that was traded in at the place I used to work. They'd made no attempt whatsoever to wipe the data, it booted straight to the desktop after we'd removed the password, and low and behold we found dozens of very, very naughty pictures of the previous owner (much to the amusement of my colleagues, I might add). It turned out the laptop had been stolen, so it was immediately handed over to the police.

So yeah. Encrypt your hard drives people, please!!