To protect your personal or business information, you delete old files. It’s the steps most people do take and think that’s good enough. You deleted the scan of a customer’s driver’s license taken before selling a new car. At home, you scanned your passport application so that you had a copy until your passport arrived. You have your passport now and delete the file. This isn’t enough. If you think deleting files destroys your data, you’re wrong.
All file deletion does is remove the pathway that your operating system takes to retrieve the file. Think of it as the road between a hidden area of your hard drive and your documents folder. You think it’s gone, but the truth is that file is still hidden somewhere in your hard drive. Anyone with the right know-how can easily retrieve that information. What’s hidden on your hard drive that could be stolen and create a nightmare in the wrong hands?
Data Destruction vs. File Deletion
Deleting files is the step most people take to remove files. Depending on the program, you may click a trash can icon to delete the file. For others, you might right-click and choose “Delete File” from the menu. With Windows, you’ll see a trash can on your main screen that collects files you’ve deleted. You empty that from time to time and the files disappear. The problem is they really haven’t disappeared for good. Anyone with an undelete utility could retrieve them.
Data destruction is the only way to delete files for good. There are a few ways to destroy data. You could take a sledgehammer to your hard drive. It’s not the most practical method, but your files are all in tiny shards that would be impossible to recover.
You could reset the electronic device to factory conditions. That will do a lot more than deleting files. It’s still not your best option. Windows 10 makes it easy to remove your files by using the “recovery” function and clicking the option that says you want to “remove your personal files.” That wipes everything and reinstalls Windows. Experts aren’t convinced it’s the best choice. Why? Avast purchased 20 smartphones that had all had a factory reset completed. Their experts were able to retrieve photos, emails, text messages, address books, and even a loan application
Wiping the hard drive clean with special software is a better choice. With a hard drive eraser utility, the files are wiped and replaced with random characters. Those characters have no value or meaning, so they’re useless to anyone who may try to get hold of an old file. Hard drive eraser utilities may require you to purchase the software or may be free. It depends on the utility you choose. No matter what you pick, if you’re given the choice on the erasing pattern and number of passes, pick as many passes as you can for the highest level of security.
Another option is degaussing. This process alters the magnetic domains within devices that use magnetic data storage, such as a hard drive, VHS tape, or reel-to-reel tape. With the magnetic domains changed, the information is scrambled and becomes impossible to fix. Some devices can never be restored for reuse, but others (such as cassettes or reel-to-reel tapes) are wiped to a blank slate and will be ready to get used again. Degaussing is often used to destroy government files before the electronic item is shredded.
Shredding is a process where machines that resemble paper shredders chop electronics into tiny pieces. Those fragments are then sorted into metal, plastic, and glass. From there, they are melted back down and used to make new items.
What Can You Delete vs. Destroy?
How do you know what to delete and what to destroy? The most important rule is to look at the file itself. The invitation to a summer BBQ isn’t going to pose problems deleting it. It’s not something that will be of value to a hacker.
The tax and benefits forms you had to fill out and submit to headquarters after you land a new job is different. Information like your SSN, date of birth, and driver’s license would be very valuable. That is something you do not want to get into the wrong hands.
How can you decide if some files are okay to destroy? Ask yourself a few questions before making the decision. Ask yourself:
- Is there anything in this file that could be used against me or to cause me financial or legal harm? This includes photos, photocopies/scans, and new documents you created.
- Is there any point when this file would help me months or years down the road?
- Would I be comfortable printing this letter/form/photo out and handing it to a stranger?
- Would the information in the file cause someone else distress or financial harm?
- Is anything in the file bound by confidentiality protections, such as HIPAA and a patient’s medical notes?
If you answer yes to any of those questions, data destruction is a much better option. You need to destroy data before you sell electronics online, in a yard sale, or in a business closeout sale. You shouldn’t give items to a local charity without destroying the data. If a company is closing down or selling older copiers, fax machines, and printers, the data in those needs to be destroyed, too.
It’s the only way to be sure that the data cannot be retrieved. When it comes to destroying the data, you should ask an expert like ERI about data destruction. The method you use may be bound by privacy regulations. For example, a retailer will not have to follow the same rules as a hospital. With different levels of data destruction, you need to carefully choose the right one.
Stories That Show the Risks of Improper Data Destruction
How often is data theft linked to improperly destroying data? While many cases of data theft and breaches are linked to malware, hacks, and stolen devices, they can happen if you don’t permanently destroy your data.
Blogger and security engineer Josh Frantz bought 85 electronic devices from different businesses. The devices include computers, cellphones, hard drives, and flash drives. Only two of them had been properly wiped. Of those 85 refurbished or donated computers, he found a lot of private information. He found SSNs, dates of birth, full credit card numbers, email addresses, and plenty of photos and photocopies. Imagine having your date of birth and SSN falling into a stranger’s hands!
In 2014, revealing photos of several celebrities were linked to a hack of their iCloud accounts. More problematic was one celebrity’s claim that she’d long since deleted her files so she didn’t understand how they were taken. While she deleted the photos from her phone, they were not completely deleted.
A more recent story came from a U.S. resident who purchased several old components replaced in Tesla cars. While owners believed data on the replaced devices was being destroyed, the purchaser was able to retrieve addresses, call history, and passwords to apps and websites.
Blancco Technology Group performed its own study and purchased 200 refurbished or used hard drives and SSDs from Craigslist and eBay that had been wiped. They were able to retrieve information from 78% of those hard drives. More concerning is the type of information they were able to get hold of. Blancco’s experts were able to get hold of bank account information, SSNs, and photos.
How Do You Make Sure You’re Data is Destroyed?
How do you know if your data is being destroyed properly? You could try to do it yourself, but it may be a task you’re more comfortable leaving for an expert. If that’s the case, you need to carefully choose your ITAD company. Some say they process everything, but they send it overseas. In 2018, a Washington e-recycling company was found guilty of sending electronics overseas to Chinese laborers.
You do have to be careful. Before entrusting your recycled electronics with any company, check their certifications. You want to choose a company that goes through random audits to ensure they keep their promises to destroy data and recycle electronics within the U.S. in their facilities. Look for these certifications:
- e-Stewards: Ensures companies do not illegally dispose of electronics by shipping them overseas to developing nations.
- NAID AAA: Ensures that companies comply with data protection laws.
- R2: Ensures safety measures are followed to keep workers protected from any safety or health issues while recycling and refurbishing electronics. Also protects the environment from hazardous materials being improperly disposed of.
ERI specializes in data destruction and e-recycling services and holds those certifications and several others. We offer data destruction at four levels that range from Standard Compliance to Demilitarization Services. Real-time visibility and tracking through our Optech™ system makes it easy to follow each step your electronic devices take. Call us to arrange on-site or off-site data destruction and learn more about our add-on options like asset registration, destruction witnessing, and serialization.