What should you do with the data that is stored on an electronic device that your business no longer uses? Businesses across the country are faced with this question everyday, but unfortunately, many of them do not know the right answer. To understand how to get rid of data and ensure that it does not fall into the wrong hands, it’s important to learn the difference between data deletion and data destruction. Here’s what you need to know:
What is Data Deletion?
Have you ever dragged a file that you no longer need to the “trash” on your computer desktop? Every time that you empty the trash, you have deleted the file from your computer. The file may be deleted, but that does not mean that it is gone forever. Even after the trash has been emptied, the files that were deleted remain hidden on the computer’s hard drive.
How does it work? To understand why the deleted file remains on the hard drive, it’s important to learn about how operating systems organize files. Every file or folder on your hard drive has a “pointer” that tells the operating system where the file’s data begins and ends. When someone deletes a file from the computer, the pointer is removed and the operating system recognizes that there is room for more data in the space that the old data was stored. When new data is inserted into the space where old data was previously stored, it is called “overwriting.” Until new data is inserted in this free space, meaning it overwrites the deleted file, the old data will still be recoverable on the hard drive. Anyone can access files before they have been overwritten by using a file recovery tool that scans the hard drive looking for deleted data. This is beneficial if you accidentally delete an important file, but it’s not good if you’re trying to get rid of customer data.
It’s important to note that if a deleted file is only partially overwritten, then some, but not all, of the deleted data will still be recoverable. For example, if you delete a file that is 10GB, and overwrite it with 6GB of data, then 4GB of the deleted file will still be accessible. Even if the deleted file is completely overwritten, it may still be recoverable. However, only highly trained individuals have the resources and knowledge to recover this type of data.
Why do operating systems hold onto files that the user clearly wants to delete? An operating system can remove the pointers on a file or folder within a matter of seconds. However, deleting the data by overwriting it with new data can take much longer. Therefore, the operating system is programmed to simply remove the pointers when a file is deleted in order to increase efficiency.
What is Data Destruction?
Whereas anyone can delete data, it takes a skilled professional to actually destroy data. The goal of data destruction is to completely get rid of any trace of the data so that it is no longer accessible. There are several different ways that this goal can be achieved, including physical destruction, degaussing, and overwriting.
Physically destroying data involves breaking data-containing devices such as hard drives. In order to ensure the data is completely destroyed, the device must be shredded into incredibly small pieces so no one can retrieve its information. This task is typically performed by an e-waste recycler using a machine known as a shredder, which breaks down electronic devices into small pieces. If the device is only partially destroyed, it’s possible that the data will still be recoverable. For instance, throwing a hard drive against the ground may damage it, but it won’t necessarily destroy the data. That’s why it’s best to let a professional that has access to the right equipment handle this job.
Degaussing is the process of demagnetizing the data-containing device. The degausser, the tool used to complete this task, removes the magnetic field from the device, which completely erases the data. Once the degausser has been used on a device, the data can no longer be recovered. This is a much quicker and more efficient way to destroy data if you have a lot of devices, which is why this method is often used by large e-waste recyclers.
Finally, there is overwriting. As previously mentioned, overwriting is the process of inserting new data into the space that was previously occupied by a now-deleted file. Most people recommend following the DOD and NIST guidelines to ensure that data is no longer recoverable.
As you can see, simply deleting customer data from your electronic devices is not enough to actually get rid the data. Customer data can still be accessed if you are simply deleting files prior to disposing of old electronic devices. The only way to get rid of data so that it is no longer recoverable is to destroy it using one of the methods mentioned above. At ERI, we overwrite data according to the Department of Defense and NIST Guidelines for Media Sanitization standards. Then, we physically destroy the device in our shredder to ensure that the data is gone forever. For more information on recycling your electronics, or to request a quote for your company, contact us today.