You should never toss a hard drive into a dumpster — hard drives are recyclable, and given that we create more than 59 million tons of electronic waste every year, every bit of recycling counts (pardon the pun).
But while recycling your e-waste is an excellent idea from an environmental perspective, privacy and security are also important. Once you’ve lost custody of your device, anything could happen. You want to destroy all recoverable data on the device before it leaves your control.
As a leading data recovery provider, we’ve got tips for preventing anyone — including trained forensics engineers — from accessing your data. Here’s everything you need to do before you recycle an old hard drive (and tips for handling the process at scale).
Protect your data by performing a complete overwrite of your HDD.
The best practices of data sanitization are outlined in the National Institute of Standards and Technology (NIST)’s SP 800-88. If you’re not in the IT industry, however, you don’t need to read through that document — just understand that there are two basic ways to secure your data: By purging it with logical methods or destroying it with physical methods.
Of these options, purging is easier, while destroying is less time-consuming. If you’re clearing a single hard drive and it’s still functional, purging is your best bet.
To purge data in a way that makes it entirely unrecoverable, you must overwrite all data at least once with a fixed data value. We do not recommend specific software products, but free utilities like Darik’s Boot and Nuke (DBAN) and Macrorit Data Wiper are popular options.
These programs overwrite data on a low level. Why is that important? The short answer is that when you delete a file from a hard drive, it’s not necessarily gone; the operating system simply marks the space occupied by the file as “available.” Over time, the file will be overwritten, but it’s still recoverable in the meantime.
Fully overwriting the file will completely prevent any chance of recovery. Obviously, you’ll want to back up any important files before using secure deletion software (particularly Boot and Nuke, which is extremely simple and effective).
Related: When Data Is “Gone Forever:” 3 Impossible Data Recovery Scenarios
Physical data sanitization methods can also prevent unauthorized data recovery.
If your hard drive is not operational — or if you’re a bit paranoid about your data security — you can physically destroy the device.
To do this, you’d simply open up the hard drive, remove the platters (the discs that store your data), and treat them like murder weapons: Scratch them, smash them, or shatter them into a hundred pieces.
Of course, this is easier said than done. Some general concepts to keep in mind:
- While the printed circuit board (PCB) is an important component, destroying the hard drive’s electronics will not necessarily make data unrecoverable. You must target the platters.
- Most hard drive enclosures are secured with Torx screws, so you’ll need a Torx screwdriver set to get to the platters.
- Many hard drives have multiple platters. Each side of every platter must be physically destroyed to prevent any chance of recovery.
Physically destroying a hard drive isn’t especially difficult — in fact, if you’re interested in electronics, it’s quite fun! — but it’s extremely time consuming. At scale, you’ll need commercial degaussers (which demagnetize platters) and/or shredders.
For large-scale hard drive recycling projects, plan carefully.
If you’re recycling 100 or more hard drives, your best bet is to work with an experienced data partner that can perform software/physical data sanitization. Look for a partner that can provide a chain of custody report and other relevant documentation of the process. This is especially important for organizations that need to maintain compliance with PCI-DSS and similar privacy/security laws.
Datarecovery.com provides cost-effective data sanitization services designed to aid in compliance and reduce IT department workloads. To learn more, submit a case online or call 1-800-237-4200 to speak with an expert.