Secure data disposal methods

What is this, and why is it important?

Information systems store data on a wide variety of storage media, including: internal and external hard drives; internal solid-state memory, removable flash memory cards and flash drives; floppy, ZIP and other types of removable magnetic disks; tapes, cartridges and other linear magnetic media; optical storage using CDs and DVDs; and paper.

To prevent unauthorized access, it is critical that data be rendered unreadable when it, or the device on which it resides, is no longer needed.  This is required by law (and common sense) for all computers and media containing sensitive information.  To help you with this, secure disposal services are provided free on the medical campus.

It is possible to do this yourself, and this page provides the details about methods below.  Note that different kinds of data storage media require different methods for secure removal or destruction, some simple but others complex.  Do it incorrectly and the data remains for prying eyes to discover.  Generally, even if you have the technical skills, do-it-yourself data disposal is not cost effective. 

Proof that secure disposal is not easy comes from this simple fact: insecure disposal is one of the most common causes of sensitive data being compromised.  Not coincidentally, it is one of the most common methods by which identity theft occurs. 

What is really secure?

If you've decided to handle some or all of this on your own, know this first:  As with the secure retention of information, there is no bright line that separates "secure" from "insecure" forms of disposal.  For each storage medium there are more and less secure methods.

What is appropriate in a particular situation depends on the sensitivity of the information at issue, and the perceived threats to it.  The more secure methods generally cost more to implement, both in time and explicit expense, and/or require more expertise to do correctly.  So there is a trade-off.  If you're not sure about what is appropriate in your circumstances, get advice from a university security department with expertise in such issues, use the contacts in our sensitive information guide, or call the Help Desk.

In the end, only total physical destruction affords total security.  For its most secret information, the US government requires that one "[d]isintegrate, incinerate, pulverize, shred, or smelt."  That is not always a practical option, especially if one aims to recycle or resell the media containing the information, but it may be the best choice for extremely sensitive materials.

Paper media

Paper containing sensitive information should be shredded.  Every office (and home) should have access to a shredder or a secure shredding service.  Shredders are cheap.  "Dumpster-diving" for data is common.  Secure recycling containers are distributed around the medical campus for just this reason.

For shredding do-it-yourselfers, there are two options.  Strip cut shredders (also called straight cut or spaghetti cut) render paper into thin, long strips.  Cross-cut shredders (also called confetti cut) provide both length-wise and width-wise dismemberment.  Cross-cut units make re-assembly much more difficult, but are, unfortunately, slower than strip-cutters, more expensive, and tend to require more maintenance.

Alternatively, paper records can be pulverized (rendered into a powder by grinding), macerated (rendered into pulp by chemicals) or incinerated (burned).  This is appropriate for extremely sensitive information. 

Electronic media

The appropriate "cleaning" method for electronic media depends on the type.  The main division is between "magnetic media" and "optical media."   Though both contain information in electronic form, the methods for secure disposal are very different.

Many people are under the impression that all they need to do is "delete" a file from a computer's hard drive or other storage media.  Unfortunately, that's almost never sufficient.  In most cases, "delete" simply changes indexing information about a file, sort of like marking through the entry in a book's table of contents but leaving the pages behind.

Emptying the "recycle bin" or the "trash" folder of deleted files is usually also ineffective.  These methods remove the pointers (indexes) to the deleted files, but the data itself still remains on the storage media as unallocated space. 

Even if the unallocated space is subsequently used by new files, there are sophisticated scanning methods that could be used to recover data previously stored in those locations.  (How well these methods actually work is somewhat controversial.)

Some un-rewritable media, like CD-Rs and DVD-Rs, can't have their contents deleted in any case.  Inoperable media, like a crashed hard drive, may be so corrupted that you cannot access it using normal computer operations; but it still may have data on it that can be recovered by others.

Demagnetizing magnetic media

Removable magnetic "disks" (floppies, ZIP disks, and the like) and linear magnetic media (tape reels, cartridges) can be "degaussed" -- that is, demagnetized.  An appropriately-sized and -powered "degausser" is required. 

For each particular type of magnetic storage and size of degausser there is a minimum erasing time.  "High coercivity" magnetic media require more powerful degaussers and/or more time to achieve sufficient cleansing effects. 

As with disposal of paper information, there are trade-offs rather than absolute standards for "erasing" magnetic media.  The more powerful and lengthy the degaussing process applied to any given type of storage media, the less likely the data on it is to be subsequently recovered by others.

Secure degaussing cannot be achieved with household or over-the-counter magnets, no matter how powerful they may seem to be.  (Such magnets can do some damage to data you want to keep, however.  Keep them away from your computing devices and storage media.)

Note that degaussing can make the media inoperable, so this method is not recommended if the media needs to be reused and/or has resale value.  Use over-writing instead.

Over-writing magnetic media

"Fixed" internal magnetic storage, such as computer hard drives, as well as external "mini" and "micro" hard drive storage, can be cleaned by software that uses an over-writing or "wiping" processes.   USB "flash drive" devices and plug-in memories like CompactFlash, Memory Stick, Secure Digital, and SmartMedia can also be cleaned in this way. 

Special software is used to over-write all the usable storage locations.  The simplest method is a single over-write; additional security is provided by multiple over-writes with variations of all 0s, all 1s, complements (opposite of recorded characters) and/or random characters so that recovery even by the most sophisticated methods becomes almost impossible.

Most "secure file deletion" software offers a choice of more and less secure over-writing.  More secure methods take more time, given the multiple over-write operations, so again there is a tradeoff.  (Note also that the quality of the over-write algorithms offered by alternative products varies.)
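The multi-pass over-write described above, sketched for a single file. This is an added example, not code from this page or from any product it mentions; the function names and the sample record are made up for illustration. It assumes the file system rewrites a file's blocks in place, and its read-back check confirms only what the operating system returns for the file, not what the physical medium still holds.

```python
import os
import tempfile

# Pass patterns named in the text: all 0s, all 1s, then random characters.
# None means "fill this pass with fresh random bytes".
DEFAULT_PASSES = (b"\x00", b"\xff", None)
CHUNK = 1 << 20  # work in 1 MiB pieces so large files do not exhaust memory

def verify_pass(f, size, pattern):
    """Read the file back and confirm every byte equals the fixed pattern."""
    f.seek(0)
    remaining = size
    while remaining:
        chunk = f.read(min(CHUNK, remaining))
        if not chunk or chunk != pattern * len(chunk):
            raise IOError("verification failed: old data may remain")
        remaining -= len(chunk)

def overwrite_file(path, passes=DEFAULT_PASSES, unlink=True):
    """Over-write every byte of `path` once per pass, then optionally delete it.
    Returns the number of bytes written in each pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass out before starting the next
            if pattern is not None:  # random passes cannot be compared
                verify_pass(f, size, pattern)
    if unlink:
        os.remove(path)  # only now remove the directory entry
    return size

def demo():
    """Constructed sample: wipe a temp file holding a fake record, end on 0x00."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"SSN 000-00-0000 (constructed sample)\n" * 100)
    n = overwrite_file(path, passes=(None, b"\xff", b"\x00"), unlink=False)
    with open(path, "rb") as f:
        data = f.read()
    os.remove(path)
    return n, data
```

The order matters: the over-write passes run while the file still has its directory entry, and the delete comes last, so the blocks being wiped are the ones that held the data.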

There are a few free public domain programs like DBAN that perform secure over-writes.  There are also many commercial offerings (see the list of links on the DBAN web page).  ***Use caution with these products.  They perform deletes from which you cannot recover.***

If you have a Macintosh computer running Mac OS X, you have several built-in options for securely removing data:

For files you've deleted by dragging them to the Trash, use Secure Empty Trash from the Finder menu. It will overwrite and delete files in your Trash folder.
 
For whole file systems, use the Disk Utility, which can be found in the /Applications/Utilities/ folder. Select the file system on which you want to securely remove data, then select the Erase tab. On the Erase pane, the Erase Free Space button lets you overwrite free space on the file system--that is, space that may contain data for files that have been deleted insecurely. The Security Options button lets you delete or overwrite files that still exist.   Each of these buttons gives you the option of overwriting files once, 7 times, or 35 times.
 
For individual files, use rm -P from the command line. It overwrites files three times before deleting them.

Mangling magnetic media

You can take a hammer or a high-speed drill to your hard drive, USB drive or other device.  Chances are excellent that you'll render it inoperable in short order. 

But be warned that recovery of data from physically mangled magnetic devices is still possible.  Physical destruction is generally something that must be done by a trained person to be completely effective, particularly for hard drives.

Floppy disks can be broken open and the internal magnetic disk cut up.  As with optical media (see next discussion), caution is required to avoid personal injury from flying plastic parts, etc., and it is still theoretically possible to recover data even from a mangled disk.

Optical media

"Write-many" optical media (such as CD-RWs and DVD-RWs) can be processed via an over-write method similar to that for magnetic media.  However, the vast majority of optical media in use are of the "write once" type -- notably the ubiquitous CD-Rs and DVD-Rs.   They cannot be over-written.  Because such media are optical rather than magnetic, neither can they be degaussed.  

So, as with paper, only physical destruction will do.  Many higher-capacity paper shredders are rated for CD/DVD destruction for exactly this reason.  It's a good investment to upgrade to a shredder that is CD/DVD capable if you regularly rely on optical media for your data storage.

As with magnetic media, you can perform a physical attack.  Cutting a CD or DVD with scissors is an alternative if you have only a few to do.   But note that cut-up discs have been successfully reassembled and read, so cut them into multiple pieces and, ideally, dispose of the pieces in different trash receptacles.

Breaking discs in half with your hands can send dangerous shards of plastic flying.   Burning discs (or microwaving them) can release toxic fumes.  Don't ever do this!

Computer recycling programs

For a whole system, some manufacturers (like Dell and Apple), and many retailers of computer equipment, offer recycling programs that meet both security and environmental concerns.  These programs will process the entire old system for disposal, including cleaning the hard drive and any other storage media, when you trade it in as part of a new purchase.   

Use a search engine to find out what is available for your home system.   For your work system, make sure you follow the surplus equipment procedure.

Learn more

Secure disposal methods by media type (UM Privacy Project)
A table of methods for "cleaning" and "sanitizing" based on US Department of Defense standards

Guide to Understanding Remanence in Automated Information Systems (NCSC)
A detailed technical discussion from the National Computer Security Center of the issues related to removal of information from magnetic and other media