Makerere University


Securely Removing Data


Computing systems (including desktops and laptops, networking equipment, cellular phones, PDAs, and other mobile devices) store data on a wide variety of storage media (e.g., hard drives, USB flash drives, floppy disks, CD-ROMs, tapes, memory). This data must be securely removed from the media once the data and/or device is no longer required, in order to prevent unauthorized disclosure of the data. This is particularly true if the device contains sensitive data.

This document discusses the risks associated with securely removing data from storage media and the processes used to do so. It also explains why simply deleting the data files does NOT suffice.

Why Remove Data?

There are a number of reasons why the data maintained on computer systems and devices would need to be securely removed. Perhaps a computer system is being replaced with a more powerful device and the old system is being transferred to another department or sold at auction. Maybe the backup data stored on a CD-ROM has reached the end of its useful life and needs to be expunged. Perhaps a magnetic tape has been used the maximum number of times that it can be to reliably preserve data. Maybe a hard drive has become damaged and is inoperative.

In each of the aforementioned cases, the University has legal and ethical obligations to ensure that any institutional data is securely removed to minimize the risk of possible disclosure. See the policy on disposal of ICT equipment and electronic waste management.

Why Delete is Not Enough

A file can be deleted from a computer's hard drive using a number of methods: by issuing an rm or del command from the command line, by highlighting a file in Nautilus, Finder, or Windows Explorer and pressing the Delete key, or by emptying the Recycle Bin or the Trash folder. However, these methods only remove the pointers to the actual files -- they do NOT remove the data. The data remains on the hard drive as unallocated space.

Another common misconception is that using system utilities (e.g., fdisk) and re-formatting the hard drive will securely delete all data on the hard drive. Like rm and del, these utilities modify file system attributes but do not remove the data.

CD-ROMs, since they are read-only, introduce a different challenge in that there is no way to programmatically and securely delete the contents of the CD. Inoperable hard drives are also troublesome in that they cannot be connected to a system and accessed through software.
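The difference between deleting a file and overwriting it can be seen in a small model. The following is an added example, not part of the original page: `ToyDisk`, its sector layout and the sample record are constructed for illustration and do not correspond to any real file system. It shows that a delete only drops the pointer, that the bytes remain in unallocated space, and that an overwrite followed by a verification pass is what actually clears them.

```python
SECTOR = 512  # bytes per sector in this constructed model

class ToyDisk:
    """Hypothetical model: a flat byte image plus a name -> sectors table."""

    def __init__(self, sectors):
        self.image = bytearray(SECTOR * sectors)
        self.table = {}                    # file name -> list of sector numbers
        self.free = list(range(sectors))   # unallocated sectors

    def write_file(self, name, data):
        chunks = [data[i:i + SECTOR] for i in range(0, len(data), SECTOR)] or [b""]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = []
        for chunk in chunks:
            s = self.free.pop(0)
            self.image[s * SECTOR:s * SECTOR + len(chunk)] = chunk
            used.append(s)
        self.table[name] = used

    def delete(self, name):
        """What rm, del or emptying the Trash does: drop the pointer, keep the bytes."""
        self.free.extend(self.table.pop(name))

    def wipe_free_space(self):
        """Overwrite every unallocated sector with zeros (single pass)."""
        for s in self.free:
            self.image[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)

    def nonzero_sectors(self):
        """Verification pass: sector numbers that still hold any data."""
        zero = bytes(SECTOR)
        return [s for s in range(len(self.image) // SECTOR)
                if self.image[s * SECTOR:(s + 1) * SECTOR] != zero]

def demo():
    disk = ToyDisk(sectors=16)
    secret = b"STUDENT-RECORD: constructed sample " * 30  # 1050 bytes, 3 sectors
    disk.write_file("grades.csv", secret)
    disk.delete("grades.csv")
    listed = "grades.csv" in disk.table            # gone from the directory
    recoverable = b"STUDENT-RECORD" in disk.image  # still present in the raw image
    leftover = disk.nonzero_sectors()              # sectors holding the old data
    disk.wipe_free_space()
    return listed, recoverable, leftover, disk.nonzero_sectors()

if __name__ == "__main__":
    print(demo())
```

The same verification idea applies after a real wipe: read the media back and confirm that no sector still holds data before the device leaves your control.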

Secure Delete Methods

As discussed above, one cannot rely on deletion alone, and certain devices present special issues. So, what is available to help us securely delete and/or destroy the data?

1. Wiping Utilities
Disk wiping is a term used to describe a programmatic process that writes a series of 1's and/or 0's over the disk in an effort to securely remove the data. DBAN is an example of a software tool that has this capability. CyberCide, Declasfy, East-Tec's DisposeSecure, East-Tec's Eraser, Heidi's Eraser, PDA Defense, and Symantec Ghost's gdisk32 can be used as well. Depending on the speed or the performance characteristics of the computer you use to run this software, disk wiping might be time-consuming.

Mac OS X also comes bundled with Disk Utility, an application that allows for the secure wiping of hard disks.

For instructions related to the above information, visit: How can I securely wipe disk drives?

2. Destruction
For media that has contained highly sensitive data, or for media that cannot be wiped (e.g., inoperable/damaged hard drives, DVDs) or degaussed (e.g., CD-ROMs), destruction of the media is the most effective means of ensuring that the data cannot be recovered. Destruction of the media can be accomplished via a number of methods: shredding disk platters, grinding the surfaces off of CDs, incinerating tapes, etc. In order to be effective, the destruction has to be thorough. A simple whack with a hammer, for example, would leave the majority of the data on the media readable.

The University has data destruction services available:

3. Degaussing

Degaussing is a process by which magnetic storage media is subjected to a powerful magnetic field to remove the data on the media. This is quite a costly measure. In addition to cost, degaussing is ineffective in erasing optical media (DVDs, CDs) and solid state drives, but the Data Destruction Service is capable of destroying those forms of media as well. 

Data on Paper

Information classified as Critical, when stored in paper form, must be properly disposed of/destroyed. If your department does not handle a large amount of Critical data on paper, you may consider purchasing a small paper shredder (ensure it's a cross-cut shredder).

If your department handles a higher volume of sensitive or Critical data on paper, you may wish to utilize a secure document destruction vendor.

 
