The answer is no. One of my news filters picked up a story by greenvilleonline.com on allegations that Clemson University had gotten rid of computers with sensitive data on them. As far as I can tell, hard drive encryption software like AlertBoot's data protection solutions hadn't been used, so there is a small but real danger of sensitive information being at risk.
However, it looks like the issue is actually a small part--a mere tactic--in a bigger case that's proving to be quite salacious, per the filed complaint. How did I arrive to this conclusion? The only mention of computers is on paragraph 26e, a single-sentence statement among a myriad of other serious allegations running over forty pages long.
And, yes, I read the entire filing.
...based on the original article, I was going to point out that hard disk drive encryption can effectively minimize impacts of data breaches due to discarded computers. This is because encryption, once implemented, is part of the data: if your computer goes to the junkyard, the data on that computer is still protected. If it goes to Saturn, the data's still encrypted.
(In fact, the value of encryption starts with the first file you ever create on a computer, since there is no guarantee that a computer will not get stolen or lost prior to the user tossing it.)
The "permanence" of encryption is useful when an organization, be it a university or a car dealership, does not have adequate computer disposal controls: that is, computers get tossed without a thorough job of examining whether sensitive data's on them.
And it's common knowledge that it's impossible to find and get rid of all sensitive data found on a computer. The best method of ensuring data security after the end-of-life of a computer is--if the information is not encrypted to begin with--is to delete the contents many times over or to pulverize the data storage device--disks, CDs, flash drives, etc.--to smithereens.
So, if this had just been a matter of Clemson not having effective controls, encryption would have protected data for any computers they tossed, during their useful life and beyond.
A little more digging on the story, though, revealed that the original article I had read was an addendum to a larger, on-going debacle, including allegations of financial mismanagement and lying to state and US senators about the theft of laboratory equipment worth hundreds of thousands of dollars.
It seems quite obvious to me that the allegations of data breaches are not about data breaches at all, but legal sniping from one camp to another. In other words, it's about controlling what's going to show up in court proceedings.
In fact, the issue of data disposal is a moot issue at this point because Clemson has apparently invested in a disk pulverizer. With about 1,500 computers being retired each year, that crushing machines is probably seeing a lot of action.
That said, hard disk encryption software might be a good idea, regardless. I mean, astronomy equipment worth six figures was stolen, which included a computer to keep track of where the equipment was pointing at in the sky. The thieves cut through a chain-link fence and the roof of a trailer. And from the description of this equipment, it doesn’t' sound like something you can just pick up and pocket. I figure it that can be stolen, so can a bunch of computers from administrative offices.
Related Articles:http://www.greenvilleonline.com/article/20090105/NEWS01/90105023/1069/http://www.greenvilleonline.com/article/20090103/NEWS01/901030320/1001http://www.tigertownobserver.com/home/index.cfm?event=displayArticle&ustory_id=89d5856d-1883-45d0-906d-b17bef3d4515