Washington state agencies face the same issue that confronts private citizens when it’s time to update their personal computers. How do you safely dispose of your old computer in an environmentally sound way that does not leave your confidential information stored on the computer’s hard drive?
A performance audit we released in April revealed some problems with the way state agencies were disposing of used computers.
We took a look at how well 13 state agencies were doing by examining used computers they had sent to the state surplus program for distribution or resale to the public. Most of the agencies had removed the information stored on the hard drives of computers they had surplussed. Most had policies and procedures in place to comply with state requirements for safe data disposal.
Four agencies, however, had left confidential information on the computer hard drives they sent to surplus. Among the confidential data we found were: applications for public assistance, medical records, personal financial statements, employee performance evaluations, IRS tax forms, Social Security numbers, claims records, employment applications and information technology security information.
State laws require agencies to remove all data from this equipment. The presence of confidential information left on these devices is doubly troubling, as it represents a risk to the state and the individuals whose information could have been compromised through potential identity theft, fraud or IT security breach. You can read the report, “Safe Data Disposal – Protecting Confidential Information,” at www.sao.wa.gov/state/Pages/RecentReports.aspx#.U2kRP_ldV8E.