What are the risks of not wiping the memory and storage media in a device before you discard it?

All organizations should be familiar with data sanitization, a crucial aspect of data protection. So why are so many still not taking the appropriate measures to permanently remove data from their devices? One reason is the variety of myths surrounding data sanitization. What does data sanitization really mean? What happens when attempts to remove sensitive information are done the wrong way? Companies are easily at risk of not complying with GDPR and other data protection regulations.


To make sure you won’t be fooled by data sanitization myths, we will share 5 of the most common ones. You will likely be familiar with at least 1 or 2 of these myths, but it’s never too late to fix the situation by using data wiping software.

What Is Data Sanitization?

Data sanitization is the process of permanently removing or destroying the data stored on a device. After sanitizing the storage media, data will be unrecoverable, even with the assistance of advanced forensic tools. Beyond removing the files and folders, the sanitization process will permanently remove all Data Remanence, or residual traces of the data.

Myth 1: Deleting Files Is Enough

The most common piece of misinformation surrounding data sanitization may be the belief that 'deleting' files by normal means is enough to make them disappear for good. When we say 'deleting' files by normal means, we refer to the process of moving files to your Recycle Bin and then emptying it, or simply holding Shift + Del. Although emptying your Recycle Bin seems to make files vanish, this really isn’t the case.

In reality, files that are deleted in these ways remain on your computer and can be retrieved with common file recovery software. This problem exists because of Data Remanence.

Myth 2: Formatting Deletes Data Permanently

Formatting a computer’s hard drive is often performed when people want to remove all the information. Unfortunately, formatting a hard drive does not permanently delete its contents. Instead, formatting allows you to perform a fresh installation of an operating system by unlinking all the files in the hard drive’s file system.

So, while formatting your computer makes it seem like your data has been removed, the information will still be stored on your system and can be recovered with file recovery software.

Myth 3: Degaussing Works for All Devices

Degaussing is a method of physically destroying data by using a powerful magnetic field that leaves data in an unrecoverable state. It’s true that degaussing can be an effective way of permanently destroying your data, but it doesn’t work on all devices.

In fact, degaussing only works on magnetic storage devices like hard disk drives (HDDs). This is a problem if you want to permanently remove data from a solid-state drive (SSD) – degaussing doesn't work on SSDs because their data is not stored magnetically. Instead, SSDs use flash memory chips. Degaussing doesn’t work for optical storage devices either.

You should also keep in mind that degaussing modern HDDs can be problematic, as degaussers may have insufficient strength to counteract newer types of magnetic storage media.

Myth 4: Physical Destruction Is Always the Best Choice

If your organization has a hard drive that’s no longer needed, a quick Google search will tell you there are 2 ways of dealing with it securely: wiping its contents with software or physically destroying the drive. In this case, it’s true that both methods can be effective, but that certainly doesn’t mean physical destruction is the best option.

First of all, when you destroy an old hard drive with a hammer – or your preferred tool to smash or burn – you are creating harmful electronic waste that may not agree with your company’s sustainability policy. Taking the path of destruction also rules out the possibility of keeping the hard drive as a handy backup or donating it to someone in your local community. In addition, burning or smashing your drive destroys the storage media, not the data itself.

Myth 5: Data Wiping Is Too Expensive

Some organizations tend to think that securely wiping their vulnerable information is not a worthy investment. While it’s true that effective data wiping is a paid solution, the cost of the software and additional support is very little when compared to the risks of not having reliable data sanitization measures in place.

By failing to securely remove sensitive information, organizations are risking more than their reputation. They face the possibility of data breaches, which can result in paying huge fines for not complying with regulations like GDPR. If anything’s too expensive, it may well be the foolish decision to not invest in data sanitization software.

Now that we’ve separated fact from fiction, there should be no remaining doubts about the importance of data sanitization and how to do it properly. If you want to learn more about securely wiping hard drives clean, check out our ultimate guide. To get started with Jetico’s secure data wiping solution, begin your free trial of BCWipe today. 


Getting rid of your computer? Laptops, mobile phones and other devices may contain personal information that you wouldn’t want others to see, such as passwords and credit card information.

It’s important to properly delete any personal information before you sell or dispose of your hardware, so that it cannot be accessed by anybody else either by mistake or for malicious purposes.

Also, if you have a device that is faulty, think about what personal data is stored on it before you dispose of it. Remember that just because a device will not turn on does not necessarily mean that the data is not accessible by someone.

Personal data can be stored on any device with a permanent memory, including desktop and laptop computers, external hard drives, games consoles, mobile phones, tablets, faxes, printers, and removable memory such as that found in digital cameras. When deciding what to do, consider the type of media the data is stored on and whether or not this is easily accessible.

Physical destruction

This involves physically destroying the media so that it can no longer be used.

Once destroyed, data on the media will not be recoverable except using specialist, expensive equipment. You can destroy the media without specialist equipment. If you can remove the media you can destroy it separately and leave the device intact. This is a good method of destruction for removable media such as CDs and DVDs.

You will have to replace the destroyed media with a new storage facility if you want to use the device again. If you are not able to remove the media from the device you will have to destroy the device itself. Removing the media may invalidate the warranty. Fragment particles raise health, safety and environmental complaints. Consider specialist help for devices with hazardous elements eg mobile phones and batteries.

Overwriting

This involves using software to overwrite data one or more times.

Simple and cheap. The media can be reused once the overwriting is complete.

Large drives may take some time to overwrite multiple times. Ineffective on some media such as write-once CDs. It may be difficult or impossible to remove the media from the device.

Restore to factory settings

Many devices offer a function to ‘Restore to factory settings’. This will return the device to the state in which you bought it.

Can be used on devices which do not have removable or otherwise accessible storage media.

This method relies on the device manufacturer to have implemented a secure wiping stage into the factory reset process. You should check with the device manufacturer to determine if this is sufficiently secure.

Sending the device to a specialist organisation

There are many organisations which will securely delete data from a range of devices and types of media. These organisations will destroy or overwrite your data on your behalf.

A specialist organisation may be able to return, reuse or recycle your media or device after they have securely deleted your data.

You will need to check the organisation’s processes to be sure that your data will be securely deleted. If you can, you should perform another secure deletion method or at least a ‘restore to factory settings’ before you send a device to a specialist organisation.

Formatting

Formatting media recreates the data structures and file system.

A full format can be used in conjunction with overwriting to provide further assurance that data cannot be recovered.

A reformat is not sufficient to securely delete data because the data can be easily recovered using freely available software.
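
As an added illustration of the deletion, formatting and overwriting behaviour described above and under Myths 1 and 2 (example code, not from the original page), this Python model treats a regular file as the storage media and checks the raw bytes after each step. `ToyMedia`, its method names and the sample secret are constructed for the example.

```python
import os
import tempfile

BLOCK = 4096
SECRET = b"password=CONSTRUCTED-SAMPLE-0001"  # constructed sample data


class ToyMedia:
    """Constructed model of storage media: a raw image file plus a file index."""

    def __init__(self, path, blocks=32):
        self.path, self.index, self.next_block = path, {}, 0
        with open(path, "wb") as f:
            f.write(bytes(BLOCK * blocks))

    def save(self, name, data):
        with open(self.path, "r+b") as f:
            f.seek(self.next_block * BLOCK)
            f.write(data)
        self.index[name] = (self.next_block, len(data))
        self.next_block += -(-len(data) // BLOCK)  # ceiling division

    def delete(self, name):      # Recycle Bin / Shift + Del: index entry only
        del self.index[name]

    def format(self):            # file system recreated, data blocks untouched
        self.index, self.next_block = {}, 0

    def overwrite(self, passes=1):  # write zeros over every block of the media
        size = os.path.getsize(self.path)
        with open(self.path, "r+b") as f:
            for _ in range(passes):
                f.seek(0)
                for _ in range(size // BLOCK):
                    f.write(bytes(BLOCK))
                f.flush()
                os.fsync(f.fileno())

    def remnant(self, needle):   # verification: read the raw media back
        with open(self.path, "rb") as f:
            return needle in f.read()


def demo():
    with tempfile.TemporaryDirectory() as d:
        m = ToyMedia(os.path.join(d, "media.img"))
        m.save("cards.txt", SECRET)
        m.delete("cards.txt")
        after_delete = ("cards.txt" in m.index, m.remnant(SECRET))
        m.format()
        after_format = m.remnant(SECRET)
        m.overwrite()
        return after_delete, after_format, m.remnant(SECRET)
```

The read-back in `remnant` is the step to carry into any real procedure: a wipe is only demonstrated once the raw media no longer returns the old bytes.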

Where will I find my data? 

Desktop and laptop computers will have a hard drive inside where your data is stored.

Don’t forget that you may have personal data stored on other memory types such as USB drives, CDs and DVDs and SD cards (eg in a camera or mobile phone).

My data is in the cloud. How do I delete this securely?

Securely deleting data from the cloud or other remote storage service cannot be achieved by you running overwriting software. You should contact your cloud provider to see what service they offer to securely delete the data.

Where do I get overwriting software from?

Software products which can perform the secure deletion of data are available from IT security firms. There are also other software products (often free) which you can download and use. However, when obtaining software from the internet you should make sure this comes from a reputable source and that you review evidence that the software has been tested against the claims that it makes.

I cannot decide between physical destruction and overwriting.

In choosing between physical destruction and overwriting, the main point to consider will be whether or not you want to use the media again. Physical destruction will completely destroy the media so it is only appropriate if you are sure that you do not want to use it again.

What is the difference between data deletion and data destruction?

Data deletion is when data is removed and is no longer available in plain sight and can’t easily be recovered. If you perform a ‘quick format’ of your hard drive or perform a factory reset of your device, you will typically be deleting data. It’s not enough to send an item to your recycle bin to delete it; you need to remove it from there too. Data recovery experts can restore this data but even with that said, data deletion is generally an adequate method of removing personal data from a device in most situations.

In contrast, data destruction is when data is removed from your device and can never be restored, even by professional data recovery experts. Examples of data destruction are physical destruction of the data storage, secure data removal software or sending the data to a specialist data destruction company. You might consider data destruction if you feel the data on the device is of such importance that you would not want to risk the data ever being recovered by someone else.

Can I get someone else to securely delete data from my equipment?

Yes. If you are not confident in performing the deletion yourself you can get assistance from a professional who has experience in this area.