Gone but not forgotten, or gone for good?

The last thing in the world that most people want is for the data on their computer or mobile device to be destroyed. But the reality is whether you are the owner of a large, medium or small business, there will come a day when you need to either remove or replace older media, or you are legally obligated to ensure any data stored on that media is erased and unrecoverable.

Some company policy may be to delete data by moving it to the recycling bin and pressing “empty.” However, this is not enough. Data emptied from the recycling bin is not permanently deleted. The computer simply deletes the pathing and labels the information as free space, meaning that it can be overwritten by new data.

Yet companies make this mistake all the time. A survey conducted by Blancco found that 48% of hard drives and 35% of smartphones still held residual data. Files such as emails, photos and sensitive company documents were recovered from these devices. To securely delete files requires a more thorough process.

No company wants the next user of their old equipment to find their information. It’s vitally important that proprietary information stored on hard drives or in the memories of digital devices be erased and destroyed. For this data to end up in the wrong hands could have serious legal or competitive consequences. However, relatively few people know the correct way to destroy data so that it cannot be recovered by someone else at a later time.

What is data destruction?

Gone but not forgotten, or gone for good?

When you destroy data, the goal is to make it totally unreadable regardless of the form of electronic media on which it was originally stored so it cannot be recovered.

Destroying data means it can no longer be read by an operating system or application. Merely deleting a file is insufficient. When you delete a file on an electronic device, you may not be able to see it any longer, but the information is still stored on the device’s hard drive or memory chip. Data destruction entails overwriting the current data with random data until the current data can no longer be retrieved, or actually destroying the electronic medium.

Why data destruction matters

Gone but not forgotten, or gone for good?

In a day and age when companies of all sizes depend upon electronic media for their most important business operations, all the data created by this equipment needs to be securely protected. But at the end of its lifecycle, it also needs to be securely destroyed. You may have important information that you are not interested in sharing with anyone. Your company has legal requirements for data destruction, particularly if you operate on a global scale where different countries and different regions can have different legal requirements concerning destroying data.

So the importance of destroying all data would seem to be obvious. Yet according to some studies, as many as 10 percent of all secondhand hard drives sold over the internet still hold personal information. And it’s not just individuals who fail to destroy all data. In 2012, Britain’s National Health Service Trust was fined almost $500,000 for selling hardware online that contained the records of thousands of patients.

It’s important for any organization to consider several important factors before they choose how to destroy the old data.

  • Time: Is this something the company regularly does or has it stockpiled old data storage equipment to do a large amount at once? Each of the different methods explored below operates on a different timescale. Knowing how much time you want to spend on data destruction can influence the choice of method.
  • Cost: Can your company afford to get rid of old equipment? Or is it interested in reusing older electronic media for new purposes? Again, the answer to this question will determine the type of destruction method you want to use.
  • Validation and certification: If you are destroying data because it’s a legal requirement or a regulatory issue within your industry, make sure the method you choose allows you to show that you have met any standards or requirements for data destruction.

Once you know the answers to these questions, your business can choose an appropriate way to destroy old data.

The different forms of data destruction

  • 1. Delete/Reformat

  • 2. Wipe
  • 3. Overwriting Data
  • 4. Erasure
  • 5. Degaussing
  • 6. Shredding

1. Delete/Reformat

Gone but not forgotten, or gone for good?

Deleting a file from an electronic device may remove it from a file folder but does not actually destroy the data. The data remains on the hard drive or the memory chip of the device. The same is true when you try to destroy data by reformatting the disc. This does not wipe the data away either. It simply replaces the existing file system with a new one.

2. Wipe

Gone but not forgotten, or gone for good?

Data wiping involves overwriting data from an electronic medium so that this data can no longer be read. Data wiping is normally accomplished by physically connecting any media to a bulk wiping device. Data wiping can take a very long time, sometimes an entire day for just one device. Data wiping may be useful for an individual, but it is impractical for a business owner who has several devices they need wiped.

3. Overwriting Data

Gone but not forgotten, or gone for good?

When data on an electronic device is overwritten, a pattern of ones and zeros is written over the existing data. In most cases overwriting once will accomplish the task. But if the medium is a high-security one, it may require multiple passes. This ensures that all data is completely destroyed and no bit shadows can be detected. Overwriting is perhaps the most common way to destroy data. However, it can take a lot of time and only works when the medium being overwritten has not been damaged and can still have data written to it. It also does not offer any security protection during the overwriting process. Overwriting does not work on any hard drive that contains advanced storage management components. If you are overwriting a device due to legal requirements, you may require a license for every piece of media that is being overwritten. It is not foolproof.

4. Erasure

Gone but not forgotten, or gone for good?

Erasure is another term for overwriting. Erasure should be complete and destroy all data stored on a hard drive, and deliver a certificate of destruction showing that the data on an electronic device has been successfully erased. Erasure is a great idea for businesses that have purchased equipment off-lease, such as desktops, enterprise data centers and laptops, or if you desire to reuse hard drives or redeploy them for storage of different materials.

5. Degaussing

Gone but not forgotten, or gone for good?

Degaussing destroys computer data using a high-powered magnet which disrupts the magnetic field of an electronic medium. The disruption of the magnetic field destroys the data in a device storing a large amount of information. When you degauss a piece of electronic equipment, you render its hard drive inoperable and destroys the interconnect equipment of the hard drive. This is not the method to choose if you want to reuse an electronic digital device like a laptop, computer or mobile phone.

The other problem is that you have no way of knowing if all the data has been destroyed. By rendering it inoperable, you cannot check to see if the data has been destroyed. The only method to verify data destruction, in this case, is to use an electron microscope. But unless you are destroying high-security information, checking this way is expensive and impractical. As technology changes and hard drives improve and grow larger, degaussing is perhaps not as effective a method as it used to be.

6. Shredding

Gone but not forgotten, or gone for good?

Another form of physical destruction, shredding may be the most secure and cost-effective way to destroy electronic data in any media that contain hard drives or solid state drives and have reached their end-of-life. It’s also very effective for optical drives, smartphones, tablets, motherboards, thumb drives and credit card swipe devices, to name a few.

Shredding is a great way to destroy data if you have a large data enterprise center or a large stockpile of old hard drives and media that you want to destroy. It’s very secure, fast and efficient. Shredding reduces electronic devices to pieces no larger than 2 millimeters. If you work in a high-security environment with high-security data, shredding should be your number one choice as it guarantees that all data is obliterated.

E-waste and recycling

Gone but not forgotten, or gone for good?

It is possible to reduce your company’s impact on the environment and recycle up to 98% of all data destruction and e-waste that is collected.

After destroying your data storage devices, the recycling of the remaining materials of non-secure electronic equipment such as monitors, keyboards, mice, cables and telephones. We are able to destroy and break down these products to ensure that as much of them as possible is recycled and diverted from landfill.

The process of e-waste recycling recovers base metals such as copper, aluminium and steel from your destroyed electronic products. These materials can be reused in their raw form so that they don’t end up in landfill where they can pollute the natural environment. E-waste recycling can prevent up to 98% of your electrical products from causing potential damage and harm to the environment.

See also: