The Registrar probably meant see as in seeing the document declaring it had been properly deleted. Deutsche Bank used a third party to do this work, obviously the third party either didn't do what they signed to say they had done it or Deutsche Bank hadn't told them to destroy data or they hadn't checked the dockets. My understanding from forensics experts is that unless a disk is formatted anything upto 10 times, it would be possible to recover data, given real effort. This is extreme and would, I suggest count as excessive effort under the Act. Our disposals policy demands that all media is formatted before being disposed of. For floppies it is possible to open them up and cut the magnetic disk with a pair of scissors. CD ROMs are a pain as they raise health and safety dangers when you try to break them in half. Many years ago, while working for a competitor of Deutsche Bank, I remember a colleague throwing a DEC RA60 disk pack on the floor and hammering it to destroy it... My general feeling on this Act is that it will cause us all to consider who does this outsourcing work, we may begin to find that the mechanisms for checking out third parties (they need to be as good as us) might cause people to bring this work back in house so it is under their direct control. Currently I've got to go through our payroll company, the people who run the general ledger and anybody who processes any other personal data on behalf of the Council. Andrew Fogden Global IT Security Officer The British Council London -----Original Message----- From: [log in to unmask] [mailto:[log in to unmask]] Sent: 09 February 2000 21:28 To: [log in to unmask] Subject: Erasing data off disks It seemed an unfortunate turn of phrase by the DP Registrar this evening (on Channel 4 News) to say that it was up to organizations to *see* that that data was erased from the hard disks of their old computers before disposal. It is not possible to see magnetic data, is it? The point seems to be worth making because so much of the discussion on this list seems to be indicating the new DPA Act will be ineffective in so many ways. How can hard disks be made completely unreadable short of physical destruction? Does not repartitioning just destroy some areas of the disk? So to be effective would not the law have to require the electronic equivalent of a paper shredder? Ray Thomas, Social Sciences, Open University Tel: 01908 679081 Fax 01908 550401 Email: [log in to unmask] 35 Passmore, Milton Keynes MK6 3DY %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%