An Office of the New South Wales (NSW) Privacy Commissioner investigation has found passenger rail service RailCorp did not comply with privacy law when it wiped clean unclaimed USB keys it sold at auction, Infosecurity reports. The cleansing process was inadequate because it “did not prevent the recovery of cleansed data using off-the-shelf, inexpensive software,” the report states. NSW Privacy Commissioner Elizabeth Coombs found the company “did not utilise specialised data deletion software” so the information was not protected against loss, unauthorised access, modification, disclosure and misuse. The company has since said it will no longer auction unclaimed USBs and will find a safe way to dispose of them.
If you want to comment on this post, you need to login.