Thoughtlessly throwing away your PC means its hard drive may end up on eBay with your files being read by juvenile delinquents bent on the mischievous.

Or at least that's the impression you get about this time of year, every year, as another wave of media coverage erupts These are not acceptable ways of providing references.  Some coverage is quite snide about the danger of letting your files get loose in the wild. You might come to suspect that there is someone manufacturing this news.

Here's a clue:

•    Yes, there is someone manufacturing that news.
•    However, it's still a real problem.

The recurring news coverage is a byproduct of an annual survey co-sponsored by British Telecom, the privatized former state telecommunications carrier in the UK and a UK electronics recycling firm.  It's carried out by three small universities that are, shall we say, off the beaten path.  The lead is the University of Glamorgan in southern Wales located in the town of Pontypridd, 10 miles northwest of Cardiff. In the US, the research is handled out of Longwood University in Farmville, Virginia, which is about halfway between Richmond and Lynchburg. Edith Cowan University in Perth, Australia, is also involved.  Each year they buy up a total of 300 second-hand computer drives though on-line auctions and computer fairs in the UK, the US, Germany, France, and Australia.  Then, of course, they examine the contents.

This year's results: Thirty-four percent of the drives contained identifiable personal or enterprise data (http://news.glam.ac.uk/news/en/2009/may/07/one-three-second-hand-hard-disks-contain-sensitive/).  The rate in 2007 was 37 percent, while in 2006 it was 34 percent, and in 2005 it was 52 percent.  So there appears to have been no real improvements in the last 4 years. (We'll assume that 2005 was an anomaly.)

Some embarrassing examples uncovered this year included personal information on Lockheed-Martin employees, plus corporate facilities blueprints and security procedures.  Also discovered was the test launch procedure for the recently developed Terminal High-Altitude Area Defense (THAAD) ground-to-air anti-missile missile system, for which Lockheed Martin is the prime contractor. We can guess where that hard drive came from.

A disk sourced in France produced confidential files from the German embassy in Paris, although there was nothing on it about anti-missile missiles.  A US drive showed banking information about a large currency exchange with correspondence showing it was already under regulatory scrutiny.  Corporate data from a UK fashion design house and a car maker also surfaced.  There were also patient records from two UK hospitals and an Australian nursing home.  The latter included pictures of patients, and details about their conditions.  In previous years they have found salary details, corporate financial data, bank account details, credit card account details, medical data, visa applications, details from on-line transactions, and, of course, porn.

Obviously, these headlines would not be happening if people were in the habit of encrypting their files.  The investigators would find only gibberish.  They would lose interest and go back to doing whatever small universities in out-of-the-way places do.  The alternative is to render the drive non-functional, often by drilling a hole in it, but degaussing and shredding has its advocates. The first two will defeat casual inspection, but against nation-state espionage, even shredding might not be enough.

The problem is that destroying the hard drive also destroys the resale value of the PC.  If that's an issue, an alternative is to delete the data files, but they must be over-written multiple times to really erase them, and that can take hours on a large drive. (Standard deletion simply removes a file from the disk directory—the data is still on the disk.)

So the only answer, really, is encryption, thorough destruction, or embarrassing headlines.