Well, yes, one wonders. The rules have been there for a long time. In fact, 10 years ago, the commissioner who preceded me, Bruce Phillips, did an investigation of this kind and found that there were an enormous number of computers that were not being wiped clean.
My take on this is that at the end of the 1990s we were all just starting to work with computers and maybe we didn't realize that everything is indelible unless it's specially wiped and so on. But we thought, for interest, that we would follow up 10 years later to find out what was happening.
In our sample, 40% of the computers had not been completely wiped. There was still personal information on them--in fact, national security information--in spite of the clear directive that has been around for more than 10 years, and in spite of, I would say, increasing popular personal individual knowledge of what happens on the computers we all work with, whether they're little BlackBerrys or much more powerful ones.
This was a bit of a surprise to us. It's not that the rules aren't there, but I guess busy people forget that, or the job's half done. That's another audit we'll be following up on in two years.