
How to dispose of confidential data

on June 14, 2010

Administrators know the importance of keeping confidential data confidential but sometimes a small lapse can turn the enforcer into the perpetrator.

Hardware gets old and needs to be replaced, as does faulty hardware, but what happens to the old stuff? Some companies sell their old computers to their employees at low prices. Some give them to charities, and sometimes they are returned to the manufacturer. Whichever disposal system you use, it’s imperative to have a proper procedure for dealing with the data stored on those computers.

For obvious reasons it is impossible to know what data is stored on these hard drives. Even if policies are in place prohibiting the storage of confidential data you can never know if your employees have all followed these policies. Checking each and every drive before disposing of it is too impractical, so what options does an administrator have?

Format the drives? Formatting will not cut it, because all your data would still be stored there. Here’s why: a disk drive stores information in a structure called a file system. There are many file systems and they work in different ways, but the most popular ones divide the disk into two sections. One section contains metadata (filenames, pointers to where a file starts and ends, permissions and so on), while the other contains the actual data. When you delete a file or format the drive, what you are doing is changing the metadata so that it no longer points to that file or files and marks that space as available. Physically, however, the data would still be there, and file recovery software can scan a hard drive, find these files and rebuild them.

One thing to really look out for here is the belief that a format fails to wipe data only when it is a quick format. I came across a lot of posts on the internet claiming that running normal formats or unconditional formats will overwrite all data with 0s making it unrecoverable. This is absolutely wrong; normal and unconditional formats do not overwrite the data and my tests have confirmed that data can easily and quickly be recovered just as much as after a quick format.

What we need to use is a wiping utility. These utilities write random or specific data to each available block, overwriting your old data and making it unrecoverable. There are two different methods for doing this. There are utilities that write random data to every hard drive location, and there are utilities that instruct modern drives to perform a Secure Erasure operation. This basically does the same thing, but instead of the software taking care of writing data to every location, the drive itself does this through its internal software.
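The difference between a format and a wipe, as described in the two paragraphs above, shown on a toy volume. This is an added example, not part of the original article; the one-block "directory" layout, the file name and the sample data are constructed for illustration, and zeros are used as the overwrite pattern so the result can be verified.

```python
import os
import tempfile

BLOCK = 512  # toy block size; block 0 is the metadata (directory) block

def build_volume(path, blocks=32):
    """Constructed toy volume: one directory block followed by data blocks."""
    secret = b"CONFIDENTIAL payroll: alice=52000"  # constructed sample data
    image = bytearray(BLOCK * blocks)
    entry = b"payroll.txt|block=5|len=%d" % len(secret)
    image[0:len(entry)] = entry                    # metadata points at block 5
    image[5 * BLOCK:5 * BLOCK + len(secret)] = secret
    with open(path, "wb") as f:
        f.write(image)

def format_volume(path):
    """Format, in this model: reset the metadata block, leave the data alone."""
    with open(path, "r+b") as f:
        f.write(bytes(BLOCK))

def wipe_volume(path):
    """Wiping utility: overwrite every block with zeros and flush to disk."""
    with open(path, "r+b") as f:
        for _ in range(os.path.getsize(path) // BLOCK):
            f.write(bytes(BLOCK))
        f.flush()
        os.fsync(f.fileno())

def read_blocks(path):
    """Yield (index, raw block) pairs, ignoring any file-system metadata."""
    with open(path, "rb") as f:
        yield from enumerate(iter(lambda: f.read(BLOCK), b""))

def carve(path, marker):
    """Recovery-tool view: scan raw blocks for a known byte pattern."""
    return [i for i, block in read_blocks(path) if marker in block]

def residual_blocks(path):
    """Post-wipe verification: blocks that still contain non-zero bytes."""
    return [i for i, block in read_blocks(path) if any(block)]

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "toy.img")
        build_volume(path)
        format_volume(path)
        after_format = carve(path, b"CONFIDENTIAL")
        wipe_volume(path)
        return after_format, carve(path, b"CONFIDENTIAL"), residual_blocks(path)
```

An overwrite issued from the host reaches only the blocks the drive exposes; sectors the drive has remapped internally are out of its reach, which is the case the drive-internal erase operation covers.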

Finally, an effective method of erasure is to physically damage the drive. Nothing fancy is required; just drill a couple of holes in it. Unless you’re working for the military and are storing state secrets which would result in the end of the world if leaked, this should be more than sufficient to ensure the data is unrecoverable.

Be careful when sending in a hard drive for repair. If the hard drive used to contain sensitive data, it might be better to simply destroy it and buy a new one. It might be tempting to accept a replacement and let your supplier have the old damaged hard drive, especially if you are assured that the drive will be destroyed once engineers and the manufacturer verify that it is faulty; however, as Hank Gerbus discovered, such assurances do not always suffice.

 
Comments
Sue Walsh July 29, 2010 8:39 am

Great article! What about laptops though? Last month the hard drive in my laptop died and I had to send it to Toshiba for repairs. It would have voided my warranty had I tried to replace it myself. The dead drive had all my business data on it. (Yes, I did have a backup!) I wonder if I could have/should have asked that the dead drive be sent back to me along with my laptop?

Emmanuel Carabott July 30, 2010 12:08 pm

Hi Sue,

Sorry to hear about your hard drive; unfortunately there is no clear answer for this. In the case of confidential data such as business data, one must weigh the risk against the benefit. What would be the harm if that data gets retrieved? If the data could cost you customers and, worse, make you legally liable, voiding the warranty might be a small price to pay to ensure your data is safe.

Asking for the drive back is an option, though in my experience they’ll come up with all sorts of excuses not to do it.

Xander July 31, 2010 2:47 am

“I came across a lot of posts on the internet claiming that running normal formats or unconditional formats will overwrite all data with 0s making it unrecoverable. This is absolutely wrong; normal and unconditional formats do not overwrite the data and my tests have confirmed that data can easily and quickly be recovered just as much as after a quick format.”

I’m one of those people who thought formatting would wipe out all data in a drive. I guess I’m wrong. What utility would you suggest for complete erasure? If I wanted to sell my old PCs, I want to sell the drives with them as well.

Emmanuel Carabott August 2, 2010 11:29 am

Hi Xander,

Don’t feel bad about it; that was exactly what an unconditional format used to do in the past, but Microsoft suddenly changed their behavior and, well, the change wasn’t very well advertised.

In any case, any disk wiping tool should be okay (basically a tool that actually 0s every byte on the hard drive). Some do this multiple times to ensure that data cannot be retrieved even in a laboratory setting.

I searched and the first hit was a free tool: http://sourceforge.net/projects/disc-wipe/ which should do the trick perfectly.

Lauren August 11, 2010 2:28 pm

I actually came across an article about an employee who mistakenly had his hard disk disposed of only to realize that he required confidential information still on the disk.

After finding out that his local IT department had donated it to charity, he literally tracked down the hard drive and retrieved the information. One of the rare instances where “not” using a wiping utility had saved an employee’s career.

Emmanuel Carabott August 18, 2010 12:19 pm

@Lauren,

Interesting story :) On the other hand, while the employee was a hero in saving the data, he also at the same time exposed the confidential data to a number of people who might have actually stolen it without the company realizing it, I guess.

It’s nonetheless an interesting story. Do you happen to have a link? I would like to read it.

This story reminds me of the old movies where the hero and villain concepts used to intertwine a bit in the plot line, and by the end of the movie the main character who started out as an obvious villain is cheered as a hero.