What happens to data when it is no longer useful? This is a question that many organizations grapple with all the time. Securing obsolete data is as important as securing it when it is useful. Secure data destruction is no longer an option but mandatory. Laws have been put in place to guide data handling.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA), Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, Gramm-Leach-Bliley Act (GLBA), and Europe’s General Data Protection Regulation (GDPR) all require secure data destruction. Violation of these laws can have steep financial and legal consequences in terms of fines and other penalties. This is why an organization needs professional data destruction services.
Secure data destruction has four main considerations;
- Amount of data – How much data can be destroyed on time? Different data destruction methods take different timelines.
- Cost – How much does it cost? Do you need to reuse the media? Some data destruction methods destroy the media completely, while others leave it functional.
- Certification – Data erasure solutions must meet the set standards and legal requirements in place. There should be a way to verify that the data has truly been destroyed
Secure Overwrite
Overwriting media involves writing incomprehensible data over the old data on the media such that it becomes scrambled and ineligible. It does not destroy the media, enabling repurposing of the equipment.
Advantages
- It is cost-efficient because there is no need to spend money on new equipment
- Overwriting software can be deployed over a network, which makes this method timely. Media can be handled concurrently instead of serially.
- Overwriting solutions come with validation and reporting utilities. It is possible to audit the effectiveness of data destruction.
Disadvantages
- Overwriting sensitive data requires multiple passes, which takes a lot of time when the media is of large volume
- Overwriting cannot be used on a damaged media, which still leaves the data vulnerable to extraction using forensic tools
- Some overwriting tools are unable to overwrite data in locked and hidden sectors
Firmware Based Erasure
This is an inbuilt data destruction method in modern computers. This method is more secure than a simple deletion.
Advantages
- Media can be reused
- Cost-effective as there is no need to use third-party tools
- Environmentally friendly because there is no hazardous residue to dispose
- Faster than overwriting
- Provides a certifiable audit trail
Disadvantages
- Only possible on SATA and IDE hard drives
- Data in locked sectors may be left intact
- Not possible on damaged hard drives
Degaussing
Degaussing is scrambling of the electromagnetic fields in a hard disk to render them inaccessible. It is the most secure method of data destruction apart from physical destruction. The media becomes unusable after degaussing.
Advantages
- It is a fast process
- Very good at destroying data on old hard drives. It destroys data in locked sectors
- It can be used on all magnetic media, including external hard drives
Disadvantages
- Does not work on solid-state drives and flash drives
- It is wasteful in that the media is not reusable. This is not a green method
- It is not effective on drives with thick shielding
- It is impossible to verify if data has been destroyed, which makes it hard to certify
Physical Data Destruction
This is the most secure method of data destruction. There are several ways to make drives inoperable and unreadable;
Drilling
The media is destroyed by making holes in it with special drilling bits.
Crushing
The media is destroyed using special crushing machinery powerful enough to distort the shape of the drive.
Shredding
This method of data destruction cuts the media into little pieces that are less than 5 millimeters. It is ideal for most types of storage media including optical drives, magnetic tapes, flash drives, magnetic cards, and hard drives.
Melting
Data destruction services consider this is as the most secure way of data destruction since there is no way to recover and reconstruct melted matter.
Advantages of Physical Destruction
- Most secure method of data destruction because the storage media is damaged beyond reconstruction, which renders useless data recovery by any known methods
- It is efficient for destroying large amounts of storage media
- Different types of storage media can be destroyed together to make the process even more efficient and timely
Disadvantages
- It is wasteful in that storage media cannot be reused
- The resulting waste is hazardous and must be disposed of in the right manner, adding costs to the process
- There is no verification unless the data is first purged electronically before subjecting the storage media to physical destruction
Combining electronic and physical data destruction methods is the best way to fulfill regulatory requirements. For example, degaussing can be performed and then the storage media shredded for finality. Whatever combination an organization chooses, it must ensure that data is destroyed completely. Failure to do so can expose an organization to legal and financial trouble. A well-thought-out data destruction policy is a must for any organization handling public data.
