A string of recent reports spotlights the reputational risks of mishandling confidential or personal information. For example, two MIT graduate students collected 158 hard drives from eBay and other resellers and found that over 30 percent contained sensitive information, including credit card numbers. A team of University of British Columbia graduate students recently found information about defense contracts between the Pentagon, Department of Homeland Security and Northrop Grumman, a large military contractor, as well as credit card numbers and family photos, on hard drives purchased in Ghana.
A different team of researchers discovered information about defense contractor Lockheed Martin, including a document detailing test launch procedures, blueprints of facilities and employee Social Security numbers, on a computer purchased online.
Private and confidential data stored on computer hard drives also pose legal risks. The Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act (FACTA), and the Gramm-Leach-Bliley Act (GLB) are three examples of laws that require specific industries to implement and document electronic data destruction procedures. Similarly, the Sarbanes-Oxley Act requires businesses to protect confidential information that could devalue the company if compromised. Non-compliance subjects companies to regulatory fines or lawsuits.