We offer some simple and easy-to-follow advice to help you dispose of old equipment safely and securely
Imagine that your charity has just replaced a dozen aging laptops with newer, more powerful computers that will enable your organisation to become more data-driven. That begs a vitally important question: what do you do with the old computers?
At first glance it may not be obvious why this is vitally important. Surely you could sell the machines to any staff members who would like them, donate them to another charity that might need them, or perhaps just take them to a recycling centre?
The problem is that any unwanted computer equipment – laptops, desktops, and servers – will contain data in their storage drives. Some of that data could well be confidential, and, in the case of personally identifiable information, subject to strict regulations such as the UK GDPR.
That means that you should not get rid of these computers without first ensuring that the data contained on the storage drives is securely erased so that anyone getting hold of these drives will be unable to access it.
It turns out that telling your computer to delete data from storage drives doesn’t really delete it permanently. All it does is tell the computer that the data is no longer wanted and can therefore be overwritten.
But until that happens the data is still there and can be retrieved by anyone with a little knowledge of computers and an “undelete” tool. Even if you reformat a drive – an operation that is supposed to delete everything – it is still relatively easy to retrieve data that was stored on it.
So before disposing of any computer equipment, it is important that charities take stronger steps to remove any stored data from the drives. Here are the some helpful ways of doing so.
One way to render data on a drive unreadable is to remove the drive from the computer and destroy it. This can be done by drilling holes right through the drive, burning it, putting it in an acid bath, or even soaking it in a bucket of dirty water and then leaving it to dry.
These methods may be practical for one or two drives, but aside from the last method they could be dangerous, and are therefore not recommended.
A safer way to destroy drives is to use a hard drive crusher – an electric device which literally crushes the drives so that no data can ever be retrieved from them.
Traditional hard disk drives, but not solid-state drives (SSDs), use magnetic charges to store data on their platters, so an effective way to remove data stored on them is to ‘degauss’ them. This is a process which removes the magnetic charges.
To degauss a hard drive, you need a degausser – a machine that resembles a microwave – into which you place the hard drive for degaussing. (You can also buy degaussing wands which you can wipe over the hard drive’s platters, but you first need to open the drive to get access to the platters.)
Degaussing can be effective, but degaussing machines cost hundreds of pounds so they are only worth buying if you intend to erase a large number of hard drives. Some data deletion companies, however, will rent them to you or will come to your premises and delete your drives as a service.
Perhaps the most practical way of erasing hard disk drives is to overwrite the data on them many times. If data is overwritten with new data then the old data is very hard to retrieve, but by overwriting the data seven or eight times it becomes impossible for anyone to retrieve the original data.
To do this you need overwriting software which overwrites the drive or drives that you select on a computer in a process which can take several hours. That means you can leave the computer running overnight, and by the morning all traces of data on the drives you selected will be gone.
These programs can usually be run from a bootable USB drive, meaning that you can plug in the USB, start the computer, and tell it to delete all the data on all the computer’s internal drives.
Good overwriting software includes:
SSDs are becoming increasingly popular, but the way they work is different from traditional spinning hard disk drives. In particular, they store data electronically rather than using magnetic charges. That means they cannot be degaussed.
Perhaps more importantly, the SSDs internal controller carries out a huge amount of work moving data around the drive to ensure that all parts of it wear out equally. As a result, only the drive itself knows exactly where data is stored, which can make it difficult for traditional overwriting software to work effectively.
The good news is that almost all SSDs have an internal feature called ‘Secure Erase’, which causes the SSD to go through a process which securely erases all the data it contains.
The easiest way to invoke Secure Erase is to use the free SSD management utility that most manufacturers offer for free download from their websites. These include:
If you cannot find a management utility from a particular SSD manufacturer, you can also use a utility called Parted Magic, which is relatively cheap, and should be able to run Secure Erase on any SSD.