Office for the Aging
Disposal of Electronic Devices
Issued: November 14, 2012
Link to full audit report 2012-S-39
To determine if electronic devices being surplused by the State Office for the Aging (SOFA) had been permanently cleaned of all personal, private and sensitive information, and also whether the Office had developed formal processes to minimize the risk of unauthorized disclosure of such information when disposing of such equipment. The audit covers the period January 1, 2012 through May 26, 2012.
Office of Cyber Security Policy P03-002 requires all state entities to establish formal processes to address the risk that personal, private or sensitive information may be improperly disclosed. One way information can be compromised is through careless disposal or re-use of electronic devices. Personal computers, tablets and smart phones pose a particular concern because they can easily be returned to the manufacturer or sold to the public while still containing private information. The Policy therefore requires that all electronic media (i.e. hard drives and other memory components) in these devices be securely overwritten or physically destroyed to prevent the unauthorized disclosure of sensitive information.
- During March 2012, SOFA had amassed 18 computers that were ready for surplus sale. Using forensic software, we analyzed the media components of each device and found none contained any readable data. We therefore concluded that the Office has complied with requirements to protect sensitive information.
Other Related Audits/Reports of Interest
State Government Accountability Contact Information:
Audit Director: John Buyce
Phone: (518) 474-3271; Email: StateGovernmentAccountability@osc.state.ny.us
Address: Office of the State Comptroller; Division of State Government Accountability; 110 State Street, 11th Floor; Albany, NY 12236