Protecting data is crucial when disposing of electronics

By Ryan Marshall  Oct 1, 2017

An old desktop computer sitting in a closet. The old cellphone turned on and forgotten in a desk drawer. Even an old copier or printer at a business that is being replaced.

All are outdated electronics, and all are dripping with data that could provide identity thieves with vital information.

Most people don’t understand how much data is on their machines and devices, said Steve Chafitz, president of the Frederick company e-End, which specializes in electronics recycling and secure data sanitization.

“Everyone has old equipment lying around that has data on it,” Chafitz said.

The company that he founded with his wife, Arleen, who serves as its CEO, works with private companies to make sure that data is disposed of properly.

The company also has contracts with government agencies to destroy data on discarded devices and certify that the equipment has been recycled according to required standards.

For some jobs, the computers’ hard drives are chopped up into tiny pieces.

But for more sensitive ones, the drives are first run through a degausser, an extremely powerful magnet that destroys all the data and makes the drive unusable.

Businesses and others have been becoming more aware of the importance of disposing of equipment, Chafitz said.

Still, a lot of people think that it’s good enough to just reformat your hard drive or delete your files before getting rid of a device, Chafitz said.

But deleting the information just marks it so that the computer knows the data can be overridden, and doesn’t get rid of the data, said Zuly Gonzalez, co-founder and CEO of the Baltimore cybersecurity firm Light Point Security.

Before co-founding Light Point, Gonzalez was a cybersecurity expert for the National Security Agency, and she serves on the Maryland Cybersecurity Council.

Gonzalez said she’s heard of people going on eBay and other sites and buying used electronics to see what types of information they can get.

Laptops, phones and other devices retain information about who you’re communicating with and where you’ve been — the particulars that can help others find out about you.

“Cellphones have tons of data,” Chafitz said.

The popularity of smartphones has made people more aware that they contain lots of data, said Hugh McLaurin, owner of the central Maryland branch of the electronic recycling and destruction company Securis.

He said his company shreds a lot of cellphones, and people often want to watch while they’re destroyed.

Even something as basic as what apps you use on your phone to communicate with people can help cybercriminals figure out the best way to contact you in an attempted scam, Gonzalez said.

One of the most sought-after types of data is health care data, both Chafitz and Gonzalez said.

Health data goes for much more money on the black market than other information such as credit card information or passwords, Gonzalez said.

It is not only a complete set of data, but also information that is hard to change.

If someone steals your credit card number, you can cancel your credit card, Gonzalez said.

“You can’t do that with health data,” she said.

Despite the increased awareness of the vulnerability of data because of high-profile data breaches at the credit-monitoring company Equifax, eBay, and other companies in recent years, McLaurin said he still sees people making some basic mistakes.

He said his company has contracts with several municipalities that collect electronics for disposal.

Even if your municipality has an electronic recycling program, you should still take the hard drive out before putting a computer out to be collected, McLaurin said.

While people’s awareness of the vulnerability of their data on old electronics has increased, many people still don’t grasp the severity of the problem, Chafitz said.

“They don’t get it.”