Last month, I wrote an article about recycling your old computers (see link below). The methods I talked about included donating them to a charity or sending them to a recycling center that will reclaim usable parts and safely discard the rest.  A couple of readers wrote to tell me I failed to mention what I thought was obvious: the need to completely wipe clean the hard disk before giving away your computer.

Kate Mcgee of Oracle wrote, "You should be aware that data continues to exist on hard drives, PDAs, etc.  Before they are donated they need to be wiped to Level 2 for most company proprietary stuff, and anything that you may have used for classified projects will have to be wiped to Level 7, or anyone can access that data."

Cigital security consultant James Stibbards sent me a link(http://www.sltrib.com/2003/jan/01162003/business/business.asp) to a recent story in The Salt Lake Tribune that points out what can happen if you fail to properly and completely remove all data from your hard drive before giving away the computer.  It seems that a pair of graduate students at the Massachusetts Institute of Technology's Laboratory for Computer Science led a project to collect old hard disks to see what information could be harvested from them.

Students Simson Garfinkel and Abhi Shelat collected 158 used hard drives, most of which were purchased on eBay or at secondhand stores.  They discovered that 69 of those disks had recoverable files on them, yielding everything from medical correspondence, love letters, pornography, to credit card numbers and ATM transactions with account numbers.

As most IT professionals know, deleting a file does not mean it is gone from the disk; the file's name is simply gone from the computer's directory.  Even formatting a hard disk may not be enough to clear off the files.  The MIT students found that 51 of the hard disks they tested had been formatted; yet 19 of them still contained recoverable data.

The U.S. Department of Defense has outlined a number of methods to remove unclassified data from its computers before the PCs are redistributed.  The method chosen for use would be determined by the type of data on the disk.  Among the methods are:

* Deleting - making the files unreadable unless recovered by utility software or other techniques.
* Overwriting - replacing data with zeroes or other meaningless data.
* Degaussing - applying a magnetic field to a magnetic medium to make all data unreadable, typically making the disk permanently unusable.
* Destruction - physically destroying the disk so that no data can be recovered in any way.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.