Sign in with
Sign up | Sign in
Your question
Solved

Legal problems with redistributing used HDDs

Tags:
  • Computers
  • Hard Drives
  • Business Computing
Last response: in Business Computing
Share
November 11, 2013 2:19:28 PM

Hey,

I work in a surplus store that takes surplus from an affiliated campus and sells said surplus for returns on outdated equipment. A lot of what we get are computers, and the campus says they require a onepasszero wipe before any computers (or HDDs) can be resold.
Recently we acquired towers from a private source that did not request a onepasszero wipe. We are considering just deleting existing accounts and their associated data and making a passwordless admin account in the interest of time (onepasszeros take 30 mins to 2 hours depending on HDD size). The towers come with OS product keys, so the OS that is on the HDDs usually matches the tower they came from. If not, we will wipe and install the correct one to avoid counterfeit OSs, but my question is:

If we do just delete existing accounts and make new blank ones, essentially deleting all personal data, is there a possibility we could still run into legal problems with under-the-radar files like registries, programs on the HDD but not windows itself, or any other knit-picky legal issues?

Thank you

More about : legal problems redistributing hdds

Best solution

November 11, 2013 2:24:32 PM

There is always the possibility of litigation, and most companies go through extraordinary measures to ensure that nothing can come back on them. To be safe, the best practice would be to wipe the drive (simple remove partitions), then reinstall the OS on the drive.

To be absolutely sure that nothing can come back to haunt you, do the onepasszeros erase of the hard drive to ensure that nothing is on the computer.
Share
November 11, 2013 2:30:16 PM

Absolutely so. Just look online as to how much data theft, identity theft, personal images, ect. have been taken from computers bought used that were "wiped" in exactly the method you mention. There is a REASON the campus you do turn-arounds from requires you to wipe the data in a secure manner.
m
0
l
Related resources
November 11, 2013 3:02:44 PM

elementface said:
If we do just delete existing accounts and make new blank ones, essentially deleting all personal data, is there a possibility we could still run into legal problems with under-the-radar files like registries, programs on the HDD but not windows itself, or any other knit-picky legal issues?


That's pretty much the nail on the head. What other programs are still on the hard drive you don't have the licences for? That, and all the personal information that stays on the hard drive until it's physically overwritten. It's not enough to just delete the files and folders, they've got to be overwritten. You can delete files, folders and quick format partitions and hard drives but unless it's actually overwritten it's still there for other people to recover.

Wiping the hard drive also keeps you, and the subsequent owner, legal if there's anything illegal on the hard drive. This could be anything from the software itself to inappropriate images (read as kiddie porn or worse).
m
0
l
November 11, 2013 3:33:11 PM

Hi

Even if you offer to supply these PC's with Linux buyers will want Window installed

Microsoft will sell Windows to PC refurbishers under a special scheme

http://www.microsoft.com/oem/en-gb/licensing/sblicensin...

If you have Dell PC's with XP licence stickers you could get a Dell XP recovery CD to re install XP but for later PC's with Vista & 7 this is unlikely to work unless the Recovery Disk was for exact same model .

If you try to avoid full hard disk wipeing using DBAN or similar and create a new account, you would have to empty the recycle bin from each account
Run CCleaner from each account.
remove all old accounts

Run Eraser on all free space on hard disk.
This would take a long time (much longer than runing DBAN single pass)
and if not done properly would leave data that could be recovered

Actually it is the duty of the original PC owner to destroy confidential data before disposing of the PC,
If the refurbishing company under took this on behalf of the seller but did not do the job properly they could be sued


regards

Mike Barnes
m
0
l
November 11, 2013 3:35:44 PM

I remember this news where some bank that threw out their old computers and this dude manage to get data back dating back 5 years!
m
0
l
November 11, 2013 4:10:00 PM

It takes more than just a single "onepasszero" wipe to completely sanitize a drive. If you're not doing a full 7 pass DOD wipe (at a minimum) then you are exposing the previous owner's data to possible recovery, and yourselves to possible legal action.
m
0
l
November 11, 2013 4:20:44 PM

best way is to use a industrial shredder to "wipe" the data.
m
0
l
November 11, 2013 4:49:33 PM

lp231 said:
best way is to use a industrial shredder to "wipe" the data.

Even better is a very large electro-magnet with a small chamber in the middle just large enough for a hard drive. One blast of 60Hz from one of those and even the NSA couldn't get anything useful off of it. It renders the drive completely useless as it erases the servo tracks that are used to position the heads. Only the factory can rewrite those tracks.
m
0
l
November 11, 2013 4:58:08 PM

Wow, lots of good and bad answers.

I pretty much knew a onepasszero would be the safer option. As to leaving info still available even with onepasszeros, that's only if the hard drive has bad partitions that the hard drive stays away from but are still somewhat readable with special equipment. We do a full parity and partition check just to make sure there are no residual partitions that could not be erased, even with DoD level wiping techniques. If we detect anything at all wrong with the harddrive, it is crushed and mixed in with 100s of other crushed HDDs.

Thanks for the help
m
0
l
November 11, 2013 5:21:31 PM

elementface said:
Wow, lots of good and bad answers.

I pretty much knew a onepasszero would be the safer option. As to leaving info still available even with onepasszeros, that's only if the hard drive has bad partitions that the hard drive stays away from but are still somewhat readable with special equipment. We do a full parity and partition check just to make sure there are no residual partitions that could not be erased, even with DoD level wiping techniques. If we detect anything at all wrong with the harddrive, it is crushed and mixed in with 100s of other crushed HDDs.

Thanks for the help

I can pretty much guarantee you that your "wiped" drives can be recovered with the proper tools, techniques, and time. I've witnessed data recovery on drives that had been repartitioned, formatted (long format), & written with random 1's & 0's to a total of 8 levels deep. Don't delude yourself into thinking you're safe.
m
0
l
!