Data security on used devices…

The second hand market is booming as we all want to upgrade our devices regularly, but budgets are tight. What are the data security implications of second hand devices and how easy is it to access the previous owner’s personal information?

Many studies have taken place whereby devices have been purchased randomly and data recovery performed. The results of these studies are widely available. We often recover data that a user is unable to verify and nine times out of ten, this is personal information from a previous user. Residual data is a common problem and studies have shown that up to a third of second hand devices still contain data of varying types and amounts.

Leftover emails, texts and messages, together with photographs are most commonly recovered from mobile devices. Although previous owners may have deleted this data, deleted data is easy to recover and can easily resurface after a mobile device is resold.

Worryingly though, many of the second user devices we see with residual data have been ‘cleaned’. Clearly these attempts to wipe any residual data have failed. Simple data recovery programmes that can be downloaded free from the internet are able to recover this residual data.

Hard disk drives and solid state drives contain much more residual data. Approximately half of all second hand drives we see contain residual data. Quick formatting is often the preferred choice for users when they sell their device. Low level formatting is a time consuming process, but the only effective way of rendering data unrecoverable. Secure erasure software is even better still. Incompletely wiping a hard drive or solid state drive can leave a considerable amount of data waiting to be exposed.

When a user sells their device, personal privacy should be paramount. If selling to an agent, don’t rely on them to wipe your data. Research your device and find out what application is best to permanently erase your data and reset to the factory settings.