Tuesday, September 4, 2007

Another One Bites The Dust: Warranty Hard Drive Replacement

By: D. Jones, Recovery Advocate

Enjoying your computer but one or more of the drives bites the dust? Realizing that it’s still under warranty solves only half the problem. What happens to that old, dead drive once your warranty service visits your home to replace it? Worse yet, what about when you ship your computer to the manufacturer for them to replace the drive at their facility? Both of these scenarios can be rife with identity theft opportunities.

As noted in a recent post on whatsnextblog, it has been shown that hard drive replacement could lead to data compromise. Manufacturers are supposed to wipe the drives with an industrial magnet, a technique called “degaussing”, before resale or render them unusable but that often doesn’t happen the way it should. One of our recovery advocates recalls a Dell computer drive that failed. The system was under warranty so a contractor made a house call to replace the drive. She asked if she could keep the old drive for security reasons and was told it was Dell’s policy to return the used drive. Daunted, but secure in the fact that the drive was new and therefore free from sensitive information, she watched as the drive was taken from her computer and removed from her home. Who knows what happened after that point? Its common knowledge now that the drives are repaired and resold but what happens to the info stored on the drives?

The auto mechanic industry has learned to honor our right to the broken, damaged parts that are replaced – why not the computer technician field? If we’ve paid for it, we should be able to keep the old part or be assured that our information is removed or the drive destroyed so that others can’t access it. Dell now has a policy that allows the consumer to purchase the damaged drive for an additional fee. As the article in the link states, at the very least, new manufacturers should revisit current policy on replacing dead drives or perhaps current laws need to be restructured to ensure corporate protection of consumer privacy.

No comments: