Deleting Data Vs. Destroying Data: The Difference Can Be Damning


Since last August, dating site Ashley Madison has become notorious for more than just infidelity; it has become the poster child for the data breach debate, and for the confusion between 'deleting' data and erasing it for good.

Amidst all the media backlash and shaming of the site's users, one thing is certain: Ashley Madison broke the cardinal rule by overpromising and under-delivering. It charged users a $20 fee for a 'Full Delete' service that purported to remove their data, but the data was not completely erased and was still intact on the company's systems.

The site wasn't the first to be hacked and it won't be the last; what is unique about this case is that the tech and IT staff inside the organization don't appear to have learned the right lesson from the mistake.

Attempting to repent for its 'sins', so to speak, and make good with distraught customers, Ashley Madison rolled out a new "discreet photo" security tool that lets users hide their identity on their profile page by choosing from two masks (black or brown), a black bar across the eyes, or four degrees of blurring.

While this new feature is mildly interesting, it is hardly the best corrective action after such a complete failure to remove customer data. Rather than address the big issue, the failure to remove user data completely and permanently, it puts an ineffective and flimsy Band-Aid over the injury.

Rather than let users put a mask over their profile photos, I'd caution the dating site to take stock of what caused the breach (not just the breach itself) and to change things seriously enough that the cause doesn't, and can't, recur. Here's what I would advise.

Collect data, but do it responsibly.

Protecting data at the end of its life starts before you even allow it into the enterprise. Before data is collected and processed, set clear definitions for every type and level of profiling your organization performs, and for the point at which each kind of data will be erased. Communicate the plan to data subjects so that they understand the intended purpose behind collecting each piece of data.

A concern raised after the Ashley Madison hack was that bogus accounts were being created in order to blackmail individuals; it turned out that the only verification needed to create an account was an email address. Part of collecting data responsibly, and of protecting individuals' data, is having an identity verification process in place that dissuades this kind of activity.

Do your due diligence and review everything you have - and don’t have.

It may seem an obvious point, but the number of businesses that don't keep up-to-date documentation of where all of their data is stored is a serious cause for concern.

Data is stored onsite on network servers, hard drives, solid-state drives, computers, smartphones and tablets, but it is also held offsite with third-party data centers and cloud storage providers, and copied into backups, replicas and log files along the way. It's everywhere, and multiple people handle it at different stages.

So what should businesses like Ashley Madison do? Build a detailed inventory of every physical, virtual and logical place data is stored, and share it with internal departments and stakeholders.

Once all data has been located, determine which data must be kept in a secure environment and which is no longer needed and therefore must be completely erased, so that it can never resurface. Document this, and communicate it to internal staff across all departments as well as to your customers.

So if your privacy policy, or a service like 'Full Delete', tells customers that once they remove their account all of their personally identifiable information is irrevocably erased, your company had better honor that, for every copy of it.

Get rid of it – for good.

There's a great deal of myth and confusion around the 'deletion' of data. Is it an effective method? Does it remove data completely and permanently, so there's no possibility of it ever being retrieved or, worse, stolen? Is there proof that the method used to 'delete' the data actually got rid of it for good? And as the Ashley Madison mistake proved, it's not just everyday users who get this wrong. Even people who work in IT and technology don't necessarily understand the difference.

Here are the facts. 'Deleting' data, whether a file on a disk or a record in a database, normally only removes the pointers to it: the file system marks the blocks free, the database marks the cells or pages reusable, and the bytes themselves stay where they were until something happens to overwrite them. That creates the illusion that the data has been removed, when it can still be recovered with ordinary forensic tools, and any copies in backups, replicas and logs are not touched at all.

Instead of promoting its new 'hidden masks' feature, Ashley Madison should be telling customers and the media that it is in the process of acquiring, close to finalizing, or has finalized the purchase of a technology solution that does all of the following:

Overwrites data with random 0s and 1s, in accordance with legal requirements (remember, other methods such as reformatting a hard drive are not adequate, and a factory reset does not reliably wipe an Android device). For solid-state media, where wear levelling can leave stale copies beyond the reach of an overwrite, the recognized substitute is the drive's built-in sanitize command or cryptographic erase, as described in NIST SP 800-88.

Has been tested, certified and approved against the requirements of leading governing bodies such as NATO, NIST and CESG.

Produces auditable proof that the data was erased: a tamper-evident report, per device or file, of what was overwritten, how, and that the result was read back and verified.
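The difference between removing a pointer and destroying the bytes, and the overwrite-then-verify requirement in the list above, can be shown on something as small as a SQLite file. The following is an added example written for this page; it is not code from the article, from Ashley Madison or from Blancco. It uses only the Python 3 standard library (the sqlite3 module, which ships with SQLite's secure_delete pragma), the 'user record' is constructed sample data, and the file names are placeholders. A plain DELETE leaves the record's bytes on the freed page; with secure_delete on, SQLite zero-fills the freed space; the final step overwrites the whole file, reads it back to verify, records a proof, and only then unlinks it.

```python
"""Delete vs. destroy, shown on a SQLite database file.

Added example, not code from the original article or from any Blancco
product. Standard library only; SECRET is constructed sample data and the
file names are placeholders.
"""
import hashlib
import os
import sqlite3
import tempfile

# Constructed sample PII, distinctive enough to search for in raw bytes.
SECRET = b"user42@example.invalid|card=4111111111111111|note=full-delete-paid"


def raw_bytes(path):
    """Read the file the way a forensic tool would: bytes on disk, no DB layer."""
    with open(path, "rb") as f:
        return f.read()


def delete_row(path, secure_delete):
    """Insert SECRET into a table, DELETE the row, commit, and report whether
    the bytes survive in the file.

    secure_delete=False: SQLite only marks the freed cell reusable (the
    'pointer removal' the article describes); the bytes stay on the page.
    secure_delete=True:  SQLite zero-fills freed cells and pages.
    """
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA secure_delete = %s" % ("ON" if secure_delete else "OFF"))
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, pii BLOB)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (1, SECRET))
    conn.commit()
    conn.execute("DELETE FROM users WHERE id = ?", (1,))
    conn.commit()
    rows_left = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    conn.close()
    # The application sees zero rows either way; the disk may disagree.
    return {"rows_left": rows_left, "bytes_on_disk": SECRET in raw_bytes(path)}


def destroy_file(path, passes=3):
    """Overwrite a file in place with random data, fsync each pass, verify the
    final pass by reading it back, then unlink. Returns a proof record.

    Caveat: an in-place overwrite only reaches the original sectors on media
    that rewrites in place. SSDs (wear levelling), copy-on-write file systems
    and snapshots, backups and replicas keep the old copy; for those, use the
    drive's sanitize command or cryptographic erase (NIST SP 800-88).
    """
    size = os.path.getsize(path)
    pattern = b""
    with open(path, "r+b") as f:
        for _ in range(passes):
            pattern = os.urandom(size)
            f.seek(0)
            f.write(pattern)
            f.flush()
            os.fsync(f.fileno())
    after = raw_bytes(path)
    verified = after == pattern and SECRET not in after
    proof = {
        "path": path,
        "bytes": size,
        "passes": passes,
        "verified": verified,
        "sha256_final_pass": hashlib.sha256(pattern).hexdigest(),
    }
    os.remove(path)  # only now is the 'pointer' removed
    return proof


def demo():
    """Run both deletions and the destroy step in a temp dir; return results."""
    with tempfile.TemporaryDirectory() as d:
        naive = os.path.join(d, "naive.db")
        secure = os.path.join(d, "secure.db")
        result = {
            "plain_delete": delete_row(naive, secure_delete=False),
            "secure_delete": delete_row(secure, secure_delete=True),
        }
        result["proof"] = destroy_file(naive)
        result["file_gone"] = not os.path.exists(naive)
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both databases report zero rows after the DELETE; only the secure_delete one has actually lost the bytes, and even it still has copies in any rollback journal, WAL, backup or replica that captured the page earlier. The proof record is the part a 'Full Delete' service owes its customers: what was overwritten, how many passes, and a read-back verification, not just a successful DELETE statement.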

(About the author: Pat Clawson is CEO at Blancco Technology Group)
