I remember getting a hand-me-down laptop some years ago. It came to me through the IT department of the company I was working for at the time (not Ziff Davis). As I was setting the system up, I discovered that the network privileges on the machine gave me access to the server-based My Documents folders for every employee in the company, including the CEO and CFO. I also found a collection of files and a record of the previous owners browsing still stored on the PC. I was startled, and despite thinking for a moment, “Oh, now what will I find here,” I returned the laptop to the IT department, asking for someone to clean the machine out and make sure that it no longer contained someone elses data.
I didnt blame the folks in IT for this oversight, but I was shocked at the stupidity of the person who had used the laptop before me. Recently I saw an article on CNN.com that got me thinking about this all over again. In Kentucky, state auditors discovered a PC for sale that contained the identification of AIDs patients across the state. Fortunately, the auditors discovered the mistake before anyone outside state government bought the PC.
Whats scary is that this is the kind of problem that could easily get out of hand in a hurry. For years, many of us have been handing down PCs to relatives, donating old systems to schools in need, and of course, repurposing outdated PCs at work. Throwing out old PCs goes against everything weve been taught about being fiscally responsible, so many consumers and businesses hang on to the systems. If these PCs were loved by their original owners, then it stands to reason that the hard drives are chock full of documents, presentations, spreadsheets, e-mail, personal notes, photos—you name it. Most people know enough to clean out the My Documents folder under Windows and, on Apples Jaguar OS, the Go/Home folder, but thats not enough. There are browsing records stored in Windows temp files, and Windows XP multiplies this problem by creating separate caches for each system account.
Even altruism (or the hope of a tax deduction) can end up biting you in the butt if youre not careful. PC recycling is moving beyond grass-roots efforts and becoming a more organized and regular practice encouraged by everyone from environmentalists to PC manufacturers. HP, for example, gives you $50 toward the purchase of new products when you recycle computer equipment. This is, of course, a good thing. The problem is—you guessed it—hard drives that have been partially but not fully cleaned and are being sent to schools and libraries around the country. HP at least goes as far as breaking old PCs down into reusable components. The company doesnt actually pass along complete PCs to anyone. But as with many other companies that encourage PC recycling, HP doesnt make any promises about removing confidential data. Heres what youll find in the companys recycling service FAQ.
“Q: What if I forget to remove my confidential data from a hard drive before shipping it?A: HP is not responsible for any data that is left on the hard drive. The customer should remove any data from the hard drive prior to shipment.“
This is not very comforting. One would think that HP would offer some advice on how to ensure that the private data is removed. Not so.
By the way, private data isnt all we can unwittingly pass along. Viruses can make the trip, too. Imagine a local high school getting a PC from a neighborhood family. Students begin using the system immediately, reading floppy disks, writing to them, and passing them from computer to computer—along with the virus that was lurking on the donated system. Another good deed gone bad.
At PC Magazine, when executives and senior managers get new systems, underlings often inherit the old models. In every instance, though, our IT guy essentially blows away everything on the hard drive and sometimes, using a disk-imaging application, installs new applications and network domain settings before delivering the laptop or desktop to its new owner. The only exception to the rule is PCs for freelancers. It that case, a somewhat more cursory cleanup is performed before the system is pressed back into duty for the next freelancer.
Heres a rule that will serve you well: When a laptop or PC is about to be passed on, it should be as clean as the day it was built. Even the OS should be replaced. In other words, reformat the drive. Yes its a pain and, sure, leaving a few old apps and the remnants of a network configuration would be easier and might make the whole thing simpler for the next person to use. But thats also a sure way to expose yourself to a whole bunch of strangers.
More columns from Lance Ulanoff: