Best methods for Hard Drive Data Sanitisation

What are the priorities?

We know that disposing of used hard drives can bring risks to data security.  But what are the options and what are our obligations when it comes to Hard Drive Data Sanitisation?  Data security has to take priority, but what other factors should we consider?

The first factor to take into account is what data is on the device.  ‘Top Secret’ data, as in Government or Military data, physical destruction, most commonly by shredding, would be the correct method for data destruction.

Other types of hard drives should be treated in a more sustainable method.  In most cases, the type of data is unknown, so they all need to be treated securely.  Data Protection laws such as GDPR (covering personal data) are in place to help ensure that data-bearing assets are treated appropriately to protect us all.

The options

So, let’s look at the options.  We have to remove the ability to access data, but achieving that in the most environmentally sound way is also key.

The question we need to understand is where did the drives come from.  If a company is moving its data centre into the cloud, therefore their old servers and disk arrays are no longer needed.  Or a company is looking to upgrade its desktop environment and they have surplus systems they no longer require.  All drives contained within these systems are more than likely fully functioning.  Therefore, the best form of data sanitisation would be by using Data Wiping and the drives can be reused.

Environmentally reuse is better than recycling

Data Wiping software works by writing random data over the data already on the drive.  Overwriting ensures that no historic data can be read or recovered rendering the device safe for reuse.

However, drives that are known to be faulty need to be treated differently.  Just because a drive is deemed to be not functioning, does not mean that data can’t be retrieved.  The only way to ensure data sanitisation will be by physical data destruction or shredding.

Hard Drive Shredding is the method of physically destroying the media by cutting the drive into pieces.  A 6mm cut is more than sufficient for more applications.

Shredding the drive renders the drive unusable and the remaining waste can be refined & recycled for its raw materials (metals).

Make your choice

Depending on individual risk management comfort levels, it’s well known for companies to have a ‘shred everything’ philosophy.  While it provides a high level of data security, it is the least environmentally friendly approach.  Knowing the type of data and where the drive has come from is paramount in making the appropriate decision on the best data sanitisation method.  The UK Government, National Cyber Security Centre (NCSC) has additional information that can be found here.  If you are looking for a partner to guide and provide data sanitisation services then take a look at our dedicated webpage.