Why is it Important to Securely Erase Data?

Secure erasure of data is vital if you want to ensure confidential information doesn’t get into the wrong hands.

What is data erasure?
If you’re selling an old hard drive, or disposing of one, it cannot be stressed how important securely wiping the data from the drive is. Whether you’re a business or home user, the data on an old hard drive must be securely destroyed before it is disposed of. If you can imagine the sheer amount of data – much of it incredibly personal – that is stored on computers and laptops, you’ll understand the need to securely destroy everything on a drive.  So, how do you securely wipe a hard drive, and is data deletion the same as erasure? The short answer is – no. When data is deleted, it can still be recovered; erased data can never be.

We’ve written in the past about what happens when you delete data on a hard drive, but it’s worth going over the basics here. When a file on a hard drive is deleted, the data itself hasn’t actually been deleted – the master file table (MFT) reference has. The MFT is essentially a map to where the data is stored on the drive, and when it’s deleted, the space is marked as free, ready for new data to be written. As long as new data isn’t written to the drive over the old data, it is still recoverable. What’s worse is that it’s not exactly difficult to recover data that has been deleted – there are loads of free data recovery programs out there. Deleting data or reformatting a hard drive does not mean the data stored on it is unrecoverable.

Why is data erasure necessary?
Home users will likely have some sort of personal or private data stored on their hard drive, such as scans of passports and bank statements. This can obviously be dangerous information if it gets into the wrong hands. Businesses, on the other hand, store huge swathes of sensitive data on hard drives, data that could cause serious damage in the hands of cybercriminals, for example. A business needs to have adequate data disposal methods in place in order to ensure sensitive data isn’t compromised. The implications of a data breach due to a poorly-disposed hard drive could be catastrophic to a business, from a financial and reputation perspective. Businesses also need to adhere to the relevant data protection legislation; in the UK, this is the UK GDPR.

Blancco Technology Group undertook a study in 2019 into second-hand hard drives, and found a worryingly large number of them had data that was recoverable. Analysing 159 hard drives that had been purchased on eBay from sellers in the UK, US, Germany and Finland, the study found that 42% of the drives contained residual data, with 15% containing personally identifiabke information (PII). Among the data on the drives was school data, including names of pupils along with photos, and 5GB of archived emails from a major travel company.

How to securely erase data
Data sanitisation software is the best way to securely erase all traces of data from a hard drive. Also known as disk wiping, data sanitisation is a non-destructive way of permanently deleting data from a hard drive. Two well-known data sanitisation programs are Eraser, and Darik’s Boot and Nuke (DBAN). Eraser is an advanced security tool that allows you completely delete data on a hard drive, by overwriting it several times with selected patterns of dummy data. Another option, more feasible if you’re a disposing of a business hard drive, is physical destruction, using a device such as a degausser or shredder. Be wary of taking a hammer to a hard drive in an attempt to render any data on it unrecoverable – it is not guaranteed!

