When Natalie Hall, a 15 year old from Bowmanville, Ontario, Canada, traded her broken iPhone into a recycling kiosk for $11, she didn't expect she'd ever see it again. Then, she started receiving screenshots of her personal photos on her "recycled phone" from a man in Dubai, reported the CBC News Service. He also accessed her private Instagram account and sent her direct messages.
Natalie and her mom admitted to not reading through all the terms and conditions on the kiosk prior to turning in the phone. The company that ran the kiosk is TBooth and it notes that it is the customer's responsibility to "delete all data from the trade-in device before you trade it in," and the company "cannot guarantee that any data left on the device will be deleted or not deleted."
It is common for most phone carriers and consumer phone trade-in programs to waive responsibility for wiping data off phones. Taking the time to properly wipe the data off the phone is not a difficult process for an individual, but for businesses with hundreds or thousands of phones, this may be more challenging and the risk too great.
Check your agreements with carriers, trade-in partners, or disposition vendors to be sure they take responsibility for data destruction on retired phones. Otherwise, have a robust internal mobile device management program that wipes out all corporate data on these phones when disposed.
Learn more from Cascade by reviewing our presentation on sanitization challenges of smart phones.
Credit and thanks to: Cascade Asset Management Newsletter