Be careful when recycling or selling used mobile devices and computers. Sometimes sensitive and private information can be accessed on your device even after it has been “erased,” making it a gold mine for criminals.
Identity theft is the fastest growing crime in the United States, and criminals will use any possible method to get hold of your personally identifying information. If you are a victim of identity theft, you could spend countless hours and thousands of dollars in clearing your name.
Erasing Data from Mobile Devices
When you’re ready to buy a new mobile phone or tablet, the one you’re replacing is often just a few years old. There are plenty of people who will happily buy or accept a used mobile device, to keep them out of landfills or to help a charity or person in need.
Data from previous owners – including ownership details, contacts, texts, and emails – can easily be retrieved from used devices with a little know-how. Resetting a phone, a popular practice among resellers, appears to erase data. But this data can be resurrected using specialized yet inexpensive software found on the Internet. Clearing the data through the phone’s interface is not a secure method either.
For instructions on effectively erasing data from mobile devices, see these IS&T pages:
- Media Sanitizing reviews steps to consider when recycling or reselling your device.
- Mobile Device Ninja provides information on MIT-supported mobile platforms. Select yours by clicking on the logo, which links to a step-by-step guide on wiping data from the device.
Erasing Data from Computers
Recycling or reselling an old computer or laptop can also be risky or complicated. Disposal of computers involves planning, time, and money, so many old computers often gather dust in closets, attics, and warehouses.
When you’re ready to dispose of a computer, the same caveats apply. Deleted data can sometimes be retrieved. Tossing files into the computer’s trash bin and then emptying the trash deletes the record of the file, but not the data the file points to. Think of it as removing the labels from folders in a file cabinet: the folders and the information in them still exist, even if retrieving the data now takes considerable effort. The same is true if you reformat a hard drive: it is still possible for someone with the right tools to retrieve the data.
For guidance on securely erasing (or “wiping”) data from a computer, check out these resources:
- The Removing Sensitive Data article in the Knowledge Base, which includes Software Options, will get you started.
- For standards regarding the protection of personal data, see the Information Protection @ MIT website.
- If you don’t find the answers you’re looking for, talk with your local IT support provider or contact the IS&T Help Desk at 617.253.1101 or firstname.lastname@example.org.
When erasing data is not possible because of the computer’s condition, physically shredding or otherwise destroying it is the only way to protect the data from access. If your DLC has a contract with Distributed IT Resources (DITR), ask your DITR consultant about these options. Another option is to go through a third-party service; MIT partners with the vendor Intechra.