Best Practices: Data Disposal

Whether you are planning to discard, recycle, reuse or donate maybe even sell your computer, take steps to ensure that the information stored on your system is either removed or “sanitized” or completely deleted or destroyed. Criminals can get their hands on old devices such as computers, disk drives, USB sticks, mobile phones, memory cards and find personal or confidential information, possibly stealing your identity.

What Does Not Work?

  • Deleting Files either by using the “delete” command or drag items to the “Trash” folder, they are not completely gone from your computer's memory. The data is still stored on your computer's hard disk. You should note that there are many programs available that a hacker could run to restore data that has been deleted in this manner.
  • Reformatting is slightly better than deleting files, however even installing a new operating system on top of your old one does not fix the problem.  You can still recover many of your previous system's files.
  • Encryption can help with theft if your device is lost or stolen, however encryption is only as strong as your password and encryption method because the information is only hidden from view.

What Does Work?

  • Physically destroying the device, you can use such means as heat, magnetic field, shredding or pulverizing to physically destroy the device.  Many office shredders can handle devices such as CD's, DVD's and floppies, however hard drives can be much tougher to destroy.
  • Sanitizing or Wiping the device, special software can overwrite any stored information and make it unreadable or unrecoverable.

If you are interested in “sanitizing”, the easiest and most secure way to remove the data is to use a “wiping” program that not only deletes the data, but also overwrites each sector of your hard drive multiple times. This process can take a long time - maybe even hours, depending on the speed of your computer. However, it is a much more secure way to remove your hard drive's data and ensure that your personal information won't be obtained by another user.  Essentially, you need to run a specialized program to wipe all the information from your computer's memory.

You'll need two things to successfully sanitize your computer's hard drive. First, you need a software program to overwrite your existing data. Some tools you can use are:

You will also need a CD or USB key to start up the computer and run the tool so that you can sanitize the whole drive.

Make sure that the tool you use has a feature to wipe the entire drive, not just empty space. This is the only way to make sure that all of your personal files and settings are removed.

If you are interested in destroying the media, The Division of IT (DoIT) can help with proper data disposal by offering a ShredIT event two times a year.  Each spring and again in October for National Cyber Security Awareness month, DoIT will collect all types of data storage media and have it properly shredded.  This is open to University system, campus and hospital departments at no cost for University-owned equipment.  Department IT Pros are notified of these event dates and encouraged to participate, all they have to do is collect media and drop it off, DoIT will take care of the proper disposal.

Last updated: April 05, 2014