Serious security breaches have been found by the WA Auditor General in procedures for the disposal of computers by the WA Government. A recent report Public Sector Performance Report 2008: Report 1 - March 2008 identified serious shortcomings in the procedures for removing data from computers prior to disposal, and inadequate guidelines for agencies.
The report found:
- An examination of 10 computers bought at auction found that four contained recoverable data, including confidential and sensitive data, including information about public sector employees, detailed technical information about agency IT systems and documentation of their internal software development projects.
- None of the seven sampled agencies had comprehensive policies or procedures for secure removal of data from computer equipment prior to disposal. While all agencies did have a process in place, they were either inadequate or not applied consistently.
- Government guidance on appropriate methods of removing data from computers prior to disposal is limited. This has contributed to some agencies using methods that do not provide adequate security while others, arguably, exceed reasonable requirements.