Beware of Information Theft When Disposing of Old Computers

Deleted files are often recoverable.

Churches frequently replace computers with newer, faster equipment. The “old” computers are either sold or given away. Some attempt is made to “erase” personal and confidential information from the old computers, but just how effective are these efforts? Is it possible that these old computers still contain personal and confidential information? A recent study by two students at the Massachusetts Institute of Technology (MIT) suggests that it is common for “secondhand” computers to contain personal, non-deleted information from the original owner. The students purchased 129 used computers on Ebay and from secondhand computer stores. Of these 129 computers, 69 still contained “recoverable” personal data from the original owner! What kind of personal data was recovered? Medical data, personal correspondence, diaries, pornography, and hundreds of credit card numbers.

How could these used computers still contain recoverable personal information when the original owners insisted that they “deleted” all computer files before disposing of their computers? The answer lies with Microsoft Windows, which does not really “delete” files that users delete. Instead, only the names of files are deleted. This “tells” the computer that the space occupied by the deleted files is “empty.” But, the files themselves remain on the computer’s hard drive until they are later overwritten by new data. In some cases, the “deleted” files are overwritten by new data weeks or months later, but in many cases the files are never overwritten and so they remain intact and can be recovered by any “file recovery” program. As the MIT students discovered, it is common for secondhand computers to contain files that the owners thought they had deleted.

What is the relevance of this to church treasurers? Think of the highly confidential information that is contained on church computers. Examples include members’ names and addresses, and in some cases other personal information; members’ contributions; church financial records, including bank account numbers and PINs; church credit card numbers; the credit card numbers of members who made contributions by credit card; and personal correspondence. The retrieval of such data by a subsequent owner of the church’s computer could be disastrous.

What steps can church leaders take to protect against the inadvertent transfer of recoverable confidential information on obsolete church computers? As we have seen, “deleting” files is not enough, at least when using Microsoft Windows. There are several software programs that will effectively erase all of this information so that it cannot be recovered, and many of these programs are inexpensive (less than $30). Programs that erase data using United States Defense Department compatible methods include CyberScrub, Window Washer, BC Wipe, and Eraser. Each of these programs has won awards from computer magazines. There are many other options available. These programs are sometimes called “file shredding” programs.

One more tip. If you sell your computer to a secondhand computer store, don’t take their word that they will erase all of the contents on your computer. It’s best to do so yourself, so long as you have the proper software.

This article first appeared in Church Treasurer Alert, March 2003.

Richard R. Hammar is an attorney, CPA and author specializing in legal and tax issues for churches and clergy.

This content is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. "From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations." Due to the nature of the U.S. legal system, laws and regulations constantly change. The editors encourage readers to carefully search the site for all content related to the topic of interest and consult qualified local counsel to verify the status of specific statutes, laws, regulations, and precedential court holdings.

ajax-loader-largecaret-downcloseHamburger Menuicon_amazonApple PodcastsBio Iconicon_cards_grid_caretChild Abuse Reporting Laws by State IconChurchSalary Iconicon_facebookGoogle Podcastsicon_instagramLegal Library IconLegal Library Iconicon_linkedinLock IconMegaphone IconOnline Learning IconPodcast IconRecent Legal Developments IconRecommended Reading IconRSS IconSubmiticon_select-arrowSpotify IconAlaska State MapAlabama State MapArkansas State MapArizona State MapCalifornia State MapColorado State MapConnecticut State MapWashington DC State MapDelaware State MapFederal MapFlorida State MapGeorgia State MapHawaii State MapIowa State MapIdaho State MapIllinois State MapIndiana State MapKansas State MapKentucky State MapLouisiana State MapMassachusetts State MapMaryland State MapMaine State MapMichigan State MapMinnesota State MapMissouri State MapMississippi State MapMontana State MapMulti State MapNorth Carolina State MapNorth Dakota State MapNebraska State MapNew Hampshire State MapNew Jersey State MapNew Mexico IconNevada State MapNew York State MapOhio State MapOklahoma State MapOregon State MapPennsylvania State MapRhode Island State MapSouth Carolina State MapSouth Dakota State MapTennessee State MapTexas State MapUtah State MapVirginia State MapVermont State MapWashington State MapWisconsin State MapWest Virginia State MapWyoming State IconShopping Cart IconTax Calendar Iconicon_twitteryoutubepauseplay