The Registrar probably meant see as in seeing the document declaring it had
been properly deleted. Deutsche Bank used a third party to do this work,
obviously the third party either didn't do what they signed to say they had
done it or Deutsche Bank hadn't told them to destroy data or they hadn't
checked the dockets.

My understanding from forensics experts is that unless a disk is formatted
anything upto 10 times, it would be possible to recover data, given real
effort. This is extreme and would, I suggest count as excessive effort under
the Act. Our disposals policy demands that all media is formatted before
being disposed of.

For floppies it is possible to open them up and cut the magnetic disk with a
pair of scissors.

CD ROMs are a pain as they raise health and safety dangers when you try to
break them in half.

Many years ago, while working for a competitor of Deutsche Bank, I remember
a colleague throwing a DEC RA60 disk pack on the floor and hammering it to
destroy it...

My general feeling on this Act is that it will cause us all to consider who
does this outsourcing work, we may begin to find that the mechanisms for
checking out third parties (they need to be as good as us) might cause
people to bring this work back in house so it is under their direct control.
Currently I've got to go through our payroll company, the people who run the
general ledger and anybody who processes any other personal data on behalf
of the Council.

Andrew Fogden
Global IT Security Officer
The British Council
London

-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]]
Sent: 09 February 2000 21:28
To: [log in to unmask]
Subject: Erasing data off disks


It seemed an unfortunate turn of phrase by the DP Registrar this evening (on
Channel 4 News) to say that it was up to organizations to *see* that that
data was erased from the hard disks of their old computers before disposal.

It is not possible to see magnetic data, is it?

The point seems to be worth making because so much of the discussion on this
list seems to be indicating the new DPA Act will be ineffective in so many
ways.   

How can hard disks be made completely unreadable short of physical
destruction?   Does not repartitioning just destroy some areas of the disk?


So to be effective would not the law have to require the electronic
equivalent of a paper shredder?

Ray Thomas, Social Sciences, Open University
Tel: 01908 679081 Fax 01908 550401
Email: [log in to unmask] 
35 Passmore, Milton Keynes MK6 3DY 

  


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%