A couple of weeks ago, Elizabeth was surfing the internet when her laptop suddenly gave her a blue screen of death. This is not the first time. In fact, it was the third time in less than a year.
So she got on the phone with Dell Customer Support and proceeded to spend the next 4 hours walking through a series of "diagnostics". The problem was not fixed. The next day, we were talking to them again, and it appeared that they were about to have us go through all of the same "fixes" we already tried. Having dealt with numerous computer failures (including my own Dell laptop) over the years, I was reasonably sure that the problem lay with the hard drive. In short, the drive was dead. Or at least the sectors containing the operating system were fried.
Elizabeth had spent a reasonably large amount of money on the extended warranty, so the machine was still covered. I finally convinced Dell to replace the drive. A new drive arrived within 24 hours. All seemed well until we realized we had to sent the old drive back. Although the drive would no longer boot into Windows, most, if not all of the data contained on it was still technically there.
Passwords, word documents, and all manner of personal identity information were still on the drive. I don't have the technical equipment to get this data off the drive, but I know enough about computers to know that this is not an insurmountable problem for a professional.
We tried fighting the return of the old drive, even offering to destroy it before sending it back. Dells response? They threatened to bill us for the old drive if we didn't send it back. And if we didn't pay the bill, they further threatened to report us to a credit agency. Nice.
They offered NOTHING in the form of a guarantee that the data would be safe in their hands. All they said was, "Don't worry. Trust us." Yeah right. In the end, we had no choice but to return the drive. (Although I suppose we could have simply paid the bill. Although that would have been bullshit, at least the data would have been safe.)
So we filed a report with the Better Business Bureau. Here's the correspondence from that exchange. Remember, the moral to the story: Don't EVER put yourself in a situation where you have to send an old drive somewhere. Physically destroy hard disks with personal information on them. By "physically destroy", I mean use a hammer.
The - COMPLAINT ACTIVITY REPORT
Consumer's Original Complaint:
My crashed for the third time in a single year on 10/6/08. After spending almost four hours on the phone with tech support, my husband and I were finally able to convince them that my hard drive was corrupt. When I purchased my laptop, I paid a hefty amount for a 4-year warranty. I was very pleased that Dell honored this warranty by sending me a on 10/7/08. My laptop is now working perfectly.
My problem lies in the fact that Dell is demanding that I return my old hard drive. They have indicated that if I do not, they will bill me for it and then report me to a credit agency. Although I understand that this return policy is probably in place to limit fraudulent claims, I have stressed to Dell that I am not comfortable returning my hard drive with all of my personal information on it (e.g., previous tax returns; online account passwords; banking account information; social security number; etc). Dell has assured me that my personal information will be destroyed upon Dell's receipt of the hard drive, but in a world where identity theft is common, I feel that it is unacceptable to require customers to return items containing such such sensitive information. I have done some research and discovered that the only way to be 100% certain all sensitive information is removed from a hard drive is by physically destroying it. Dell said they would not accept my hard drive if I break it before returning it.
The following is some information I came across in my research:
"If a computer store, consultant, or other qualified computer tech tells you your hard drive is crashed and the data is unrecoverable, ask for them to return the original drive to you. This way you can physically destroy and dispose of the drive to your satisfaction and avoid situations like Mr. Bowen's where your data suddenly appears on someone else's computer screen."
"Another data security hole can occur if you are required under warranty to turn in your current "broken" hard drive to get a replacement. Once you read about identity theft from simply trying to follow warranty requirements, perhaps you'll think twice unless you're absolutely certain that you have no sensitive data on that drive or anything else that you wouldn't want to share with the whole world."
Dell's customer service informed me that if I am concerned, I should take the old hard drive to a local computer store and ask them to remove all personal data. As I have mentioned above, there is some question as to whether this is 100% effective and I do not want to take this risk. Furthermore, I do not feel that I should have to pay to have this done after I spent so much on a warranty. The entire reason I purchased the warranty was to avoid additional expenses for this laptop.
Consumer's Desired Resolution:
I would like Dell to understand my fear of identity theft and my unwillingness to return my old hard drive. I would like Dell to waive their return requirement, meaning that they will not charge me for the hard drive, nor will they report me to a credit agency. Alternatively, I am requesting that Dell allow me to physically break my hard drive before returning it. This way, they can be assured that I did not file a fraudulent claim and I can be assured that my sensitive personal information is not compromised.
I am writing on behalf of Dell Inc. in response to the inquiry filed with your office by Ms. Elizabeth XXXXXXX. Thank you for making us aware of her concerns.
After reading Ms. XXXXXXX's complaint, the following is what I have determined to be the issue(s).
* Reluctant to return old hard drive due to personal information contained on it
We apologize for any inconvenience that Ms. XXXXXXX has encountered. Several Dell representatives have assisted Ms. XXXXXXX in addressing the issues. Ms. XXXXXXX stated her issues have been resolved concerning returning the hard drive and we have received it back at Dell. In the event Ms. XXXXXXX requires further assistance we request she contact us directly using the information provided below.
If you have any additional questions regarding this issue, you may contact the agent directly via e-mail at or by telephone at -62156. She will be happy to assist you.
William E Bartell
Consumer Rebuttal to Dell's Response:
"Ms. XXXXXXX stated her issues have been resolved concerning returning the hard drive and we have received it back at Dell."
I did not state that my issue has been resolved. It patently has NOT been resolved. Due to the repeated threats of Dell representatives to report me to a credit bureau if I didn't return my old hard drive, I felt I had no choice but to return it. In this sense, I suppose the issue is resolved - there is nothing more Dell can do in my case because the hard drive with my personal information has been sent back to them. However, the larger issue - Dell's policy of mandating customers to return hard drives with extremely sensitive data - is NOT resolved. In order to properly resolve my complaint, Dell needs to change their policy and allow customers to physically destroy their old hard drives prior to returning them. The Identity Theft Resource Center (www.idtheftcenter.org) indicates that becoming a victim of identity theft is no longer a matter of "if" ...it's "when." In light of this, Dell needs to change its policy. Threatening me into sending my hard drive back is not a satisfactory resolution.
"Several Dell representatives have assisted Ms. XXXXXXX in addressing the issues."
Although I did indeed speak with (and send emails to) a number of Dell representatives, none of them actually addressed my issue. As has always been my experience when dealing with Dell, the representatives simply recited scripts. At no time did I feel that my concern about identity theft was truly understood. Frankly, I want nothing more to do with Dell - interacting with their representatives is a maddening and extremely time-consuming experience.
"In the event Ms. XXXXXXX requires further assistance we request she contact us directly using the information provided below."
I have elected not to do this because I do not feel that it will resolve anything. As stated above, Dell does not seem to be willing to take my concerns seriously. Admittedly, they have assured me that Dell views privacy as an important matter, but they do not seem to listen to my argument that their entire policy needs to be overhauled in light of growing concerns about identity theft.