Secure Data Destruction vs. Secure Data Disposal
What’s the difference between secure data destruction and secure data disposal?
Secure data disposal means removing data from your device without getting rid of it entirely. When you dispose of data (i.e. by putting it in the trash or simply deleting files from your computer), the data can still be accessed by malicious individuals.
Secure data destruction, on the other hand, means wiping your devices clean of data so that malicious individuals can no longer access it. In short, the difference is that simply deleting data is not enough to ensure that it is unrecoverable.
6 Methods for Securely Destroying or Disposing of Data
When determining which methods to use to securely destroy or dispose of data, you’ll need to consider four major factors: the type of media, the sensitivity of the data being disposed of or destroyed, the end-of-life value of the data asset, and all applicable information security frameworks and legal requirements that your organization must adhere to.
Once you’ve factored in these four considerations, you can decide which of the following methods is most suitable for your organization’s needs.
Here are 6 methods of secure data destruction (4 methods to destroy data on hard drives and 2 methods for solid-state drives).
How to Securely Destroy Hard Drives:
When it comes to securely destroying or disposing of data on hard disk drives (HDDs), the physical location where the data is stored, consider using the following methods:
1. Clearing: Clearing removes data in a way that prevents an end-user from easily recovering it. This method is suitable for reusing devices inside your organization.
2. Digital Shredding or Wiping: This method does not alter the physical asset. Instead, it overwrites the data in multiple passes with other characters, such as 1s, 0s and random characters (e.g. the DoD 5220.22-M algorithm).
3. Degaussing: Degaussing uses a strong magnetic field to rearrange the structure of the HDD. Once the HDD is degaussed, it can no longer be used.
4. Physical Destruction: This method ensures the secure disposal and destruction of HDDs as they are hydraulically crushed or mechanically shredded, so that data can never be retrieved or reconstructed.
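The multi-pass overwrite described under Digital Shredding or Wiping, shown as an added example that is not part of the original article: each pass rewrites the file in place and is read back before the next one starts. The pass order (zeros, ones, random) and the names wipe_file and wipe_sample are assumptions made for illustration, and the sample data is constructed. A file-level overwrite like this only applies where the filesystem writes in place on an HDD.

```python
import hashlib
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # overwrite in 1 MiB blocks so large files fit in memory
# Assumed pass order: all 0x00, all 0xFF, then random bytes (None = random).
PASSES = (b"\x00", b"\xff", None)


def wipe_file(path, passes=PASSES):
    """Overwrite `path` in place once per pass; read each pass back to verify."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for fill in passes:
            written = hashlib.sha256()
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                block = secrets.token_bytes(n) if fill is None else fill * n
                f.write(block)
                written.update(block)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
            # Read-back check. It may be served from the OS cache, so it shows
            # the overwrite was accepted, not that the platters changed.
            f.seek(0)
            readback = hashlib.sha256()
            while chunk := f.read(CHUNK):
                readback.update(chunk)
            if readback.digest() != written.digest():
                raise OSError(f"verification failed for pass {fill!r}")
    return len(passes)


def wipe_sample(data, passes=PASSES):
    """Write constructed `data` to a temp file, wipe it, return what remains."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    try:
        wipe_file(tmp.name, passes)
        with open(tmp.name, "rb") as f:
            return f.read()
    finally:
        os.remove(tmp.name)


if __name__ == "__main__":
    leftover = wipe_sample(b"constructed sample record: pin=0000\n" * 100)
    print(len(leftover), b"pin=" in leftover)
```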
How to Securely Destroy Solid State Drives:
For secure destruction and disposal of data on solid state drives (SSDs), the virtual location where the data is stored, consider using the following methods:
1. Built-In Sanitization Commands: This method is effective if the device is to be reused within the organization.
2. Physical Destruction or Encryption: Using this method is the only true way to ensure device data cannot be recovered.
Enforcing an Equipment and Data Disposal Policy
To enforce secure data destruction and secure data disposal, you must have the right policy in place, one that creates a culture of compliance. Your employees can be well-versed in data disposal and destruction best practices, but if your policies don’t reflect your business requirements for doing so, there is no way to hold them accountable for following them.
For this reason, when it comes to creating, maintaining, and enforcing an equipment and data disposal policy, we recommend including policies that…
1. Determine the personnel who will oversee the data disposal and destruction process
2. Define specific best practices that personnel should follow to ensure secure data destruction and secure data disposal techniques are used
3. Detail what is to be done with media devices that are no longer useful to the company’s needs, but do not need to be destroyed (i.e. laptops or smartphones to be made available for purchase to employees or donated)
4. Include requirements for updating asset inventory lists
5. Address non-compliance with the equipment and data disposal policy
For a detailed example of an equipment and data disposal policy. If establishing and enforcing an equipment and data disposal policy is not something your organization is equipped to do, you might also consider partnering with a third party to complete these tasks, provide you with a certificate proving that your devices have been handled properly, and confirm that the devices have been physically destroyed.
All in all, having a robust equipment and data disposal policy that includes best practices for secure data disposal and secure data destruction is an integral component of establishing a culture of compliance within your organization. By doing so, you’re positioning your business as a trustworthy, reliable partner – which has become more difficult in today’s data-centric world.