Everyone is responsible to safeguard the sensitive or confidential data of the university, so before the disposal of any storage media, it is important to securely remove all the data inside. Simple deletion of data files or format the storage device is not sufficient enough to remove the data, since they can be easily recovered by many file recovery utilities.
The following gives you some guidance on how to securely remove the data in the storage media before they are reused or disposed, in order to protect the confidentiality of data:
- Check if the storage media once processed or stored any sensitive or confidential data before. If it is not sure, it should assume that the storage media did processed or stored sensitive or confidential data before.
- Use appropriate method to securely and permanently delete the data inside the storage media before they are reused or disposed. There are 3 common methods:
Method Description Storage Media Reusable? a. Clearing This method makes use of some overwriting software to overwrite the storage space on the storage media with bit patterns, i.e. 1s, 0s, and random values. This can ensure that the data cannot be recovered when the storage media is reused.
Example of overwriting software:
Yes b. Degaussing Degaussing is a method that makes use of a degausser to magnetically erase the data. A degausser is a device that generates strong magnetic field to the magnetic storage media in order to destroy its magnetic domains.
The storage media can no more be reused after this process, so it is more suitable for storage device that once processed or stored highly sensitive information.
No c. Destroying An ultimate method to securely delete the data is to physically destroy the storage media itself. After the media is destroy, it can no longer be reused as originally intended, so it is more suitable for the storage device that once processed or stored highly sensitive information. No
- Guidelines for Media Sanitization (SP800-88), National Institute of Standards and Technology
- IT Security Guidelines (G3), version 6, OGCIO
Creation Date: 31 Jul 2012