There’s a lot of misinformation and misunderstanding about “wiping,” “sanitizing,” or “destroying data” on hard drives found in retired IT assets before selling those assets on the secondary market.
If you don’t want to inadvertently hand over your company’s data or employee’s PII to competitors or criminals, here are seven important things to know about making the data on your hard drives permanently irretrievable.
- Reformatting a hard drive on a desktop or laptop computer doesn’t actually erase any data, it simply removes your ability to see and access it by clearing the File Allocation Table (FAT).
- You can’t actually erase data once it’s stored on a hard drive if you want to keep that drive in working condition, all you can do is overwrite it with other data.
- Hard Disk Drives (HDD) can have their data erased by ruining the magnetic fields of their disks in a process known as degaussing, but the drive won’t be able to store data after being degaussed.
- Solid State Drives (SSD) do not use magnetic platters so they cannot be degaussed. They can only be overwritten like HDDs or physically destroyed in a shredding process similar to how paper documents are destroyed.
5. Data overwriting techniques:
- include writing zeros; a series of random characters; or a user-defined pattern of ASCII characters
- can be conducted in 1, 2, 3, 7, or as many as 35 passes
- sometimes use sequences of different overwriting techniques listed above
- sometimes use a final pass that reads the disk to ensure it only contains the expected characters and no coherent data
- have a selection of cryptic names like “CSEC ITSG-06” and “Navso P-5329-26 MFM”
- are defined by different government agencies and militaries around the world, with a few methods attributed to cryptographers, academics and data security experts
6. With advances in hard drive technology and wiping software development, it’s generally considered that one pass to overwrite the data and one pass to read to verify is adequate, and that additional overwrite passes on modern drives are now an unnecessary expenditure of time, energy, and money.
Prices and speeds vary by service provider, hardware and software, but one overwrite pass with 100% verify read on a fast 1 TB drive in good condition can average 7 hours, and up to 11 hours on a slower drive or one in poor condition. Reducing the verify to a random-sample 10% verify read almost cuts those times in half and is generally considered adequate.
7.Recyclers with R2 and e-Stewards certifications are seldom also digital data destruction specialists which can be identified by having National Association for Information Destruction (NAID) AAA certification appropriate to different drive types. That’s why some nations’ governments like Australia and a growing number of government agencies, militaries. and corporations around the world require NAID AAA certifications for their IT Asset Disposition (ITAD) projects.
Is Data Destruction of Retired IT Assets Your Highest Priority?
If so, select a vendor like NextUse, which has digital (HDD & SSD) data destruction certification, and oversight from NAID to ensure compliance with stringently-defined industry best practices for data security and destruction. Our Greater Boston area facility is currently one of only four in the world to hold this certification.
NextUse can wipe and verify hundreds of drives simultaneously both at our facilities and at client site, and can quickly scale up operations for any size project.
It’s not worth using a slightly cheaper R2 or e-Stewards certified recycler over a certified data destruction specialized vendor and risk an average $4 million lost for a data breach globally, and almost $8 million in the US.