Securely Deleting Electronic Information
In today's digital age, we routinely store personal and sensitive information such as our banking and tax information, addresses and phone numbers, and photos on a variety of magnetic storage media. Traditional media includes computer hard drives, USB flash drives, CD-ROMs, and DVDs. "Lifestyle" devices such as smart phones (iPhones, Samsung Galaxy, etc.), mobile entertainment devices (iPods and MP3 players) are extremely versatile and are also being used to send/receive email and attachments, take/store photos, keep lists of names/addresses/phone numbers – all of which can be considered personal or sensitive information. Other types of storage are Compact Flash, Memory Stick cards, and Secure Digital (SD) memory cards.
To prevent your information from being misused, care should be taken to ensure that any personal or sensitive information is securely deleted especially before recycling or disposing of any such devices or storage media. This document provides an overview on how to securely delete information from commonly used electronic devices. The first section describes methods that can be used for equipment that will be re-used or recycled (given or sold to someone else for further use). The second section describes secure deletion methods that should be used if the equipment is to be permanently disposed of (not re-used).
Why "DELETE" is not enough:
Using a computer's standard "delete" function is not sufficient to permanently erase sensitive information. When you delete a file or folder using the "Recycle Bin" or "Trash", your operating system simply flags the contents of the file/folder to be overwritten and re-used in the future. Until that space is overwritten, the contents of the file still exist on the media and can be recovered with disk/file recovery tools that are readily found on the Internet. With today's large hard drives, the contents of these "deleted" files can remain, unchanged, on the media for a very long time.
Section 1 – Equipment will be recycled:
To securely erase the information, it must be overwritten. The more times the information is overwritten, the less likely it can be recovered. However, the more times you overwrite the information, the longer the process will take. This process is called "disk wiping" or "disk shredding." It is recommended that the higher the sensitivity or confidentiality of the information, the more times the information should be overwritten.
There are commercial, shareware, and free disk wiping tools. Some tools will allow you to delete individual files or folders and others will erase an entire hard drive. While there are freeware tools that perform well, these may require a more technical understanding of computers to use them properly. Commercial products tend to be easier to use and understand. Please read the instructions thoroughly for the tool that you select. The files/folders you delete will be permanently erased and cannot be recovered. If you are unsure of how to use your selected tool or don't know which tool to use, please seek assistance from a knowledgeable source.
If you are recycling a computer or device, securely erasing the entire hard drive is recommended. Be aware that doing so will also erase the operating system requiring a complete re-installation of the operating system before the computer can be used again.
Windows OS:
Eraser is highly rated free tool for any computer using the Windows operating system. This tool works well to delete individual files and folders that contain sensitive or personal information that you no longer need. Eraser can be downloaded from: https://eraser.heidi.ie/download/
To erase an entire hard drive, a recommended free tool is Darik's Boot and Nuke (DBAN): http://dban.sourceforge.net/
With this tool, you'll need to create a bootable USB flash drive or CD, then boot your computer. The application will launch automatically and you'll need to specify which partition or hard drive that you'd like erased.
You can also see Microsofts article about safetly disposing of computers for more information on data erasure: https://www.microsoft.com/en-us/safety/online-privacy/safely-dispose-computers-and-devices.aspx
A list of free tools is available at: http://www.thefreecountry.com/security/securedelete.shtml
Macintosh Computers:
Mac computer hard drives can be securely erased by zeroing their data. The Apple site provides step-by-step instructions for securely erasing from within macOS using Disk Utility. Note that securely erasing may take a long time, depending on the size of the hard drive.
More detailed information for Macs can be found at the following links:
-
Disk Utility for macOS Sierra: Erase a volume using Disk Utility https://support.apple.com/kb/PH22241
-
For a general search of the the Apple Knowledge Base, go to: https://support.apple.com.
In previous versions of macOS, you were able to securely delete items in the trash through the “Secure Empty Trash” command in the Finder to ensure that deleted files were overwritten. This feature has been deprecated in current versions of macOS due to hardware limitations in modern solid state drives (SSD). To limit access deleted items and documents, you may want to encrypt your device. You can find out about more about macOS encryption at https://support.apple.com/en-us/HT204837
Section 2: Equipment will be disposed of (destroyed):
Degaussing is a permanent method to securely delete information from most magnetic storage devices. Degaussing is a process by which the storage media is subjected to a very powerful magnetic field which demagnetizes the media and renders it permanently unusable. Degaussing is most commonly used with inoperable hard drives and magnetic tapes in large enterprise environments. The price of a low-end degausser starts at approximately $3000. Working hard drives in computers should be erased with a tool such as the above mentioned DBAN before disposing of the computer.
However, most modern computers use solid state drives (SSDs) and do not rely on magnetic plates to store data. For these types of drives, degaussing would not erase the data within them. The most effective way to erase data from SSDs would be to reformat them or physically destroy them.
Physical Destruction:
Commercial services are available to physically shred hard disks. Tapes can be unwound from the spools. The magnetic media can then be physically cut into pieces such as running it through a shredder. The same types of services are also available for solid state drives: they can be crushed and shredded.
Write-Once Media (CDs. DVDs):
CDs and DVDs that can only be written to once (also called CD-R, or DVD-R), must be physically destroyed preferably by running it through paper shredders that are also rated for shredding CDs and credit cards.
Cell Phones:
For information on how to delete all your information from your cell phone before recycling or disposing of it, check with your cell phone manufacturer.