The 6 Step Guide to IT Data Destruction

This short guide aims to provide you with a clearer understanding of the methods that you can use when you are disposing of data bearing assets. These range from simple software-based solutions to the physical shredding of devices. n2s can help you to choose the right option for your business.

To support the principles of a circular economy, technology assets should be reused to extend their product life wherever possible, without compromising data security. Preserving disk drives reduces electronic waste. If you would like to reuse or recycle your equipment, the physical destruction of data-bearing assets may not be necessary and it may be a more environmentally sustainable option to select a software-based sanitisation method.

Contents

What is data destruction

Data destruction is the process of permanently and irreversibly eliminating sensitive information stored on various media, such as hard drives, solid-state drives and other storage devices. Comprehensive data destruction is crucial for safeguarding sensitive information and preventing unauthorised access or data breaches. 

Why you need to sanitise data bearing devices

Business data is a critical asset and organisations rely on digital platforms to store and process data. The risk of unauthorised access and data breach has increased substantially as cyber-security threats, phishing attacks and data theft have risen.

Comprehensive data destruction ensures that confidential information is permanently removed and destroyed and ensures compliance with data protection laws such as GDPR and the UK DPA. Many industries such as pharmaceuticals, finance and healthcare have stringent regulations governing the use and removal of data. In short, the appropriate data sanitisation or destruction methods safeguard organisations from the legal and reputational repercussions associated with data loss.  

Types of data destruction

Matching the appropriate method of data destruction to the sensitivity of the data on the device is an important business decision.  There are software-based solutions which overwrite data on a device to recognised standards (such as HMG IA5 – enhanced level). This makes the data on a drive irretrievable. More comprehensive hardware-based methods include crushing or shredding.

Software-based methods

Drive reformatting : A simple reformat of a drive is easy and quick to achieve but does not remove or permanently destroy data. As such it is not a method that we would recommend if your organisation needs to permanently remove data from a device and reduce the likelihood of a data breach.

Configuration reset: Where your organisation needs to remove data from network devices such as switches or routers, we reset the devices according to the manufacturer’s recommendations and device specifications. The process removes configuration data and identifiable information by resetting the device to the original factory settings. This can allow the device to be reprogrammed and redeployed without any identifiers being present from its previous configuration.

Data erasure: Data erasure involves overwriting the data on a drive. There are varying degrees of ‘overwrite’ which apply to different types of drives. The standards used for more modern SSDs (Solid State Drives) differ from those used on traditional MHDs / HDDs (Magnetic Hard Drives). A typical 3-pass overwrite using software such as Blancco renders the data irretrievable and unable to be recovered.  A big advantage of using data erasure techniques is that the drive can be reused, extending the life of devices and contributing to a reduction of e-waste.

Hardware-based methods

Degaussing: Degaussing is a data destruction method that employs a strong magnetic field to disrupt and erase the magnetic patterns on a hard drive, rendering the stored information unrecoverable. This method does not work on SSDs but can be effectively used on MHD/HDDs and tape media.  This approach destroys the integrity of the drive or tape media, rendering it unusable and degaussed drives will require sustainable recycling. Organisations often use this as degaussers can be operated within a customer premises when an organisation needs to witness the destruction.

Crushing:  This method of physical disk destruction simply damages the disk structure so that the disk cannot be reinstalled into a system and read. The process distorts and tears the data bearing disk platter where the ‘bytes’ of data are stored. The data is not removed but the disk is made unreadable. A hydraulic press or manual crusher is used to crush the hard drive rendering it irreversibly damaged.  When crushing SSDs, an important consideration is that data bearing microchips in the disk may remain intact which could result in data being retrieved.  

Disk crushing is a cost-effective method of data destruction which can be carried out at a customer’s premises.  This approach is often used in conjunction with secure and accredited offsite shredding to permanently render the disk unusable and the data irretrievable.

Why shredding maybe required

shredding

This process involves the physical shredding of data-bearing devices including hard disk drives (HDDs), solid-state drives (SSDs), and tapes. There are multiple options when considering disk shredding which depend on your organisation’s risk appetite, the cost of disposing of drives and the time taken to complete the disk destruction.

Data destruction is often governed by various regulations and guidelines, with some industries requiring more comprehensive destruction than others. Many businesses opt for the physical shredding of data-bearing devices for some key reasons:  

  • To ensure that data is completely destroyed, preventing any possibility of recovery. 
  • To adhere to data protection regulations, as some industry standards require secure and irreversible data destruction. 
  • To eliminate the risk of data leakage or theft, protecting sensitive information and brand image. 

Top Tip: Remember to always follow local regulations and industry standards when implementing data destruction methods. If you do not know what level of destruction you require, we have a team of experts who specialise in secure data disposal who will be able to assist you.

To support the principles of a circular economy technology assets should be reused to extend their product life, reducing electronic waste and minimising the environmental impact associated with manufacturing new devices. If you would like to reuse or recycle your equipment the physical destruction of devices will not be necessary, and it would be better to opt for sanitation methods of data destruction. 

The level of shredding needed

We regularly shred drives to a 6mm, 12mm or 20mm strip. The smaller shred sizes take longer to complete but result in more comprehensive destruction. Certain branches of government will mandate smaller shred sizes of 6mm. In commercial businesses, the larger shred sizes often suffice as the data is still rendered irretrievable.  

On-site or offsite destruction

Another element to consider is whether you need on-site or off-site destruction. Onsite data destruction methods involve bringing a secure, dedicated shredding vehicle to your premises to allow you to witness the destruction of your assets, providing security assurances for witnessed destruction before the data-bearing device leaves your organisation’s premises.

Whether your data-bearing assets are destroyed onsite or are removed for off-site processing it is important to choose a partner who carries comprehensive certifications such as ‘CAS-S’. This is a National Cyber Security Centre (NSCS) data processing certification which permits a company such as n2s to handle data-bearing devices carrying UK government classifications up to Secret level.

Following the 6-step process and understanding your requirements and obligations will result in you being able to select the appropriate method of data destruction. It is important that you seek out professional advice to ensure that you comply with local regulations but that you also select a cost effective and efficient method of disposal.

An important consideration is to avoid unnecessary e-waste through physically destroying all data bearing devices if this is not necessary.

n2s is redefining the technology lifecycle with specialist expertise in the sustainability, security and compliance challenges associated with technology. We are the first technology lifecycle management provider with expertise in decarbonisation to truly empower SMEs and large enterprise businesses to deliver and report on their IT sustainability goals.
Share this article
Andrew Gomarsall speaking

Andrew Gomarsall

Executive Director

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo. Consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus.