Disposal of Computing Devices
When you dispose an old computer, or throw away a used or defective storage media such as a hard disk or a floppy disk, are you sure that nothing sensitive was left in that computer or storage media? Are you sure that disposal or re-use of such storage media will not cause data privacy problems? Some people may think that the "delete" or "format" command of Windows or other operating systems is sufficient to erase the data, but the reality is not.
This section provides information on data deletion, and the proper way of disposing computers or storage media in order to prevent unwanted disclosure of information.
Delete and Format Commands
For data kept in electronic storage media, a directory entry for that file is usually created together with the file. When the file is deleted using the "delete" command, it does not actually destroy the data. It only deletes the pointer between the directory entry and the file so that space allocated to the deleted file is free for storage of other files. The data contained in the file remains in the media until it is overwritten. By using commonly available utilities, it is possible to retrieve the deleted data from the storage media.
The "format" command also may not properly erase the previously written data in a storage media. This command creates an empty root directory and a new blank indexing scheme for all allocation units on the storage media making it available for storage of new files. There are also commercially available utilities to recover lost data from storage media caused by accidental execution of the "format" command.
Overwriting data with appropriate number of passes using suitable patterns can render the overwritten information very difficult to be recovered. Commercially available software tools and services are available in the market to perform secure deletion by means of overwriting.
This secure deletion software should be properly configured and used. Only if no error is reported during the erasure process, the data is completely erased from the storage media.
Besides, if the media contains damaged or unusable tracks and sectors which may inhibit the overwriting process, the media should be physically destroyed such as by means of incineration or pulverisation.
Degaussing is a method to magnetically erase data from magnetic media by exposing it to a strong magnetic field. Degaussing usually takes much less time than overwriting. Degaussing is useful in situations where the hard disk is defective and cannot be sanitised by the method of overwriting.
There are commercially available degaussers for hard disks and magnetic media. During the degaussing process, the degaussers have to be operated at their full magnetic field strength. The product manufacturer's directions must be followed carefully since deviations from an approved method could leave significant portions of data remaining on the magnetic media. Sufficient checks and balances mechanisms should be in place for the degaussing process. Sample check of the degaussed media should also be performed by another party to ensure that the degaussing is done properly. Besides, the degausser should also be periodically tested accordingly to manufacturer's directions to ensure that they function properly.
For storage media that cannot be sanitised by means of overwriting or degaussing, physical destruction such as by means of incineration (burn in high temperature) or pulverisation (grinding to dust) would be required. For highly sensitive information, apart from sanitisation, it is also recommended that the media be physically destroyed before disposal.