Sunday, June 26, 2011

Staples May Inadvertantly Sell Your Data

In the June 22, 2011 edition of the local paper I saw this headline:
"WATCHDOG: STAPLES RESOLD HARD DRIVES WITH PERSONAL INFO"

The article went on to talk about the federal privacy watchdog says Staples Business Depot stores failed to fully wipe personal info and data from laptop computers they resold.  Apparently this has been an on-going problem, which is not good.  After the audit Staples responded saying it was actively testing several means of fully wiping data from returned products without damaging or destroying hard drives or operating systems.

Today's blog is about how to make sure this does not happen to you or your data.

The article did not say exactly how these problems manifested themselves but I can make an educated guess.  I suspect a scenario where someone buys a laptop, uses it for a few days, and then brings it back saying it's not for them or they'd like one that's a bit better.  But in the meantime while they had it they set it up for themselves and copied or stored data, not thinking it needs to be erased before bringing it back.  Or, perhaps someone bought an external hard drive to back up their stuff and then realized it didn't have enough storage space.  So they bring it back and trade it up.

So what can you do?  Here's a simple solution.  And you don't have to be any sort of computer whiz to do this.  If you have purchased a new laptop from Staples or Futureshop or whatever, and you've used it for a few days and saved stuff to it's hard drive, what can you do to make sure someone else doesn't have to deal with your data?

1. Open the Control Panel
2. Find/Click on User Accounts
3. Click on Manage Another Account (Win7)
4. Find/Click on Create a New Account
5. Give the new account a name (such as "BigMike" or "User2")
6. Put the radio dot on "Administrator" account (rather than Standard User) and then click the "Create Account" button.
7. Do not create a password.
8. Log out of your account (for the last time).
9. Log onto the new account from the Welcome Screen.
10. Go into Control Panel, find User Accounts, and delete your old account.
11. If it asks if you want to keep the files, say NO.
12 Log back out and turn off machine.

It's ready to go back to the store now, or even to give to your neighbour or relative without fear of your data being accidentally left on there.  As long as you didn't store data in any other folder other than your own Documents/Pictures/Music folders, all your old stuff should be gone now.

The other thing you could do would be to do a Restore to Factory Default on the laptop.  This takes a long time, however, and is probably not necessary unless you've got a virus or corrupt data.

If I were the Tech Director at Staples, even though it would take extra time, I would insist all the techs learn how to restore to factory settings for laptops so there's almost no chance of any old data being found.*  That said, read how data is erased below.

Until next time,
Happy Computing!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*NOTE: You have probably heard that even when you delete data from a hard drive it is not really "gone."  This is true but let me tell you what the means.  When you delete a file or folder from a hard drive, it normally goes to the Recycle Bin.  While in the Bin it can be restored if necessary, so you know it's not really gone permanently.  If you hold the Shift button down while deleting a file or folder, it will ask you if you want to "permanently" delete this file.  That's because when you hold the Shift key down while deleting it skips the Recycle Bin and erases the index entry on the hard drive.  In effect, the file is deleted and it would be difficult to get it back.  Difficult that is, but not impossible. 

When the index entry is erased, it's sort of like removing a section from the Table of Contents of book.  Just like a ToC in a real book, it doesn't delete the actual pages where the information is written, but it erases what page it was on, making it difficult to find again.  The file or folder can still be recovered again with not too much trouble if you know what to look for.  As soon as another file overwrites the spot where your file or folder was, it is essentially gone.  Same goes if the drive is defragged.  Your data is "gone" for all intents and purposes.

The RCMP has software that can get back data that has been deleted or defragged up to 6 times.  If you are REALLY paranoid, you can download something called the "Guttman" process which erases and overwrites the hard drive 7 - 32 times.  Very little chance of getting your data back if you run this process.  You could also defrag the drive and each time will push your old data further and further away from being resurrected.