Delete, Now Erase
YOU MAY KNOW BY NOW that when you press the Delete button to get rid of digital data, the targeted file or folder doesn’t really disappear; rather, it remains on a hard drive until it is overwritten by new data. When data is not properly deleted—sanitized, in industry terminology—it can be recovered using specialized software. This can be devastating if it’s corporate information retrieved by a competitor.
So how can you sanitize data properly? Look to the Guidelines for Media Sanitization, released by the National Institute of Standards and Technology (NIST), for a full explanation of cleaning up any kind of digital media. The guidelines describe four levels of deletion: disposal, when items are simply deleted; clearing, which will overwrite the media so that it cannot be uncovered using typical tools; purging, which uses processes such as degaussing to thoroughly destroy data; and destroying the media through disintegration, shredding, or sanding.
The document notes other types of media that need to be properly sanitized. A Media Sanitization Decision Matrix includes information on definitively deep-sixing sensitive information on paper, cell phones, PDAs, copy/fax machines, CDs, and other digital media.
Not sure how thoroughly you should be erasing your organization’s sensitive data? The NIST paper offers a flow chart that will help explain which level of sanitization is appropriate. Appendices refer readers to tools and resources, and highlight additional security considerations for home users and telecommuters.