Like most small business owners, I worry a bit about losing data from my computers, particularly when I travel with a laptop. As a result, I back up automatically with SuperDuper! every week. My Treo PDA/phone (aka “smart phone”) is part of my general sync-and-backup system, so if I lose the Treo, I can simply restore its data from one of the computers.
But today my husband pointed me to a story in The Washington Post (reprinted in the Seattle P-I) that made me realize there’s something that could be scarier than data loss. That’s data retention.
It turns out that even when you “hard reset” your old mobile phone or PDA to erase all the data when you sell it or recycle it, all that happens is that you, and the PDA, can no longer access the data. The actual data is still there, because the flash memory in the device stubbornly holds on to it. The erasure is limited to only the pathways that link from the PDA software to the data. So, of course, hackers have discovered that it’s easy to run special software on discarded mobile phones and PDAs that creates new pathways to the former owner’s data and makes it once again accessible — to them.
The Post story describes a security company that bought 10 used smart phones on eBay and recovered troves of personal information about the previous owners. With more and more folks keeping business emails and personal finance spreadsheets on their PDAs, this is very bad news indeed.
The good news is that you can permanently erase data from your handheld device when you prepare to sell or recycle it. It just takes a bit more effort than you’d thought. The Post article advises checking the manufacturer’s site for information on how to perform not just a regular reset but a “zero-out reset” or “factory reset.” The “zero-out reset” overwrites all the data with “0”s and “1”s that won’t be of much interest to anybody.
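A toy model of the difference between the two resets, added here as an illustration and not taken from the Post article or any phone maker: `ToyFlash`, its methods, the slot layout and the sample records are all constructed for the example, and the zero-out is assumed to overwrite every cell with zero bytes.

```python
import re

SLOT = 32  # bytes per record slot in this toy layout (assumption)

class ToyFlash:
    """Constructed model: raw cells plus an index of 'pathways' to records."""

    def __init__(self, slots=8):
        self.cells = bytearray(slots * SLOT)  # what the flash chip holds
        self.index = {}                       # name -> (offset, length)

    def store(self, name, data):
        if len(data) > SLOT or len(self.index) * SLOT >= len(self.cells):
            raise ValueError("record does not fit in this toy layout")
        offset = len(self.index) * SLOT
        self.cells[offset:offset + len(data)] = data
        self.index[name] = (offset, len(data))

    def read(self, name):
        offset, length = self.index[name]     # KeyError once the pathway is gone
        return bytes(self.cells[offset:offset + length])

    def hard_reset(self):
        # Ordinary reset as the post describes it: only the pathways are erased.
        self.index.clear()

    def zero_out_reset(self):
        # Zero-out reset: drop the pathways AND overwrite every cell.
        self.index.clear()
        self.cells[:] = bytes(len(self.cells))

def residue(device, min_len=4):
    """Pre-disposal check: printable runs still present in the raw cells."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, bytes(device.cells))]

def demo():
    dev = ToyFlash()
    dev.store("mail", b"Q3 invoice attached")   # constructed sample records
    dev.store("sheet", b"acct 0000-EXAMPLE")
    dev.hard_reset()
    after_hard = residue(dev)      # unreachable by name, yet still in the cells
    dev.zero_out_reset()
    after_zero = residue(dev)      # nothing left to find
    return after_hard, after_zero

if __name__ == "__main__":
    print(demo())
```

After the ordinary reset the device can no longer read either record by name, but both are still sitting in the cells; only the zero-out leaves the check with nothing to report.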