By Amber Corrin
Sept 23, 2009
Some Defense Department organizations haven't scrubbed data from
information technology equipment before disposing of the hardware,
resulting in the possible release of information that could be used for
identity theft, or releasing other sensitive DOD information, according
to an Inspector General audit.
An investigation by DOD's IG also found that one organization had lost
track of one unclassified computer entirely, the report said. The IG
released the report Sept. 21.
Also failing to meet guidelines was the Defense Reutilization and
Marking Service, the destination for much of the excess IT equipment in
question. DRMS processing centers are charged with ensuring proper
sanitization before the equipment is released for reuse by other
government agencies and non-governmental organizations.
The audit showed that several DOD organizations did not follow disposal
policies, did not properly train personnel or did not develop and
implement on-site procedures for the authorized release of IT equipment.
Unaccounted-for equipment and hard drives with leftover readable
information, including data such as Social Security numbers and e-mail
folders, comprised most of the instances of noncompliance.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News