Researchers are examining 250 pieces of recovered electronic equipment, including conventional hard drives and solid-state drives, the association noted in a release. They’ll be looking to see if any sensitive data remains.
The concept of doing random testing of information destruction technology for its efficacy has been in place since at least 2000. That’s when a team of researchers obtained 158 random used hard drives and used forensic analysis to check whether they had truly been wiped of all data, according to NAID.
Researchers were surprised to find personal information remained on many of the devices.
“As startling as that result was, so was the discovery that some of the hard drives on which personal information was found had previously been deployed in government, banking, and healthcare, all of which have regulations protecting their associated data,” according to the release.
In its new study, NAID says “there will be no public shaming” of data destruction companies that failed to completely destroy personal information. Instead, the data will be aggregated when it’s presented to the public. But NAID plans to offer its specific findings to regulators, “should they wish to investigate further.”
Although NAID is paying for the study, the research is being carried out by a third party to avoid any conflict of interest and ensure reliability, according to NAID. The results will be released during the group’s annual conference, to be held March 22-24 in Las Vegas.