Picture the scene: you’ve decided to invest in a new PC. Your current hardware is getting on a bit, or perhaps it’s starting to act up – so you’re selling it, sending it off to be recycled, or donating it to your nan. Pretty standard stuff, right? Here’s the catch: your old hard drive is full of your personal data, and you’d like to avoid anyone getting their hands on it. Even if you think it’s just some old documents and photos you’ve already backed up, there’s probably all kinds of other data on there. Browsing history and stored cookies (saved passwords!), cached files and images, registry entries and much more.
If you’re a business, this problem is compounded. You might be buying multiple new machines, and you can’t risk a data breach with the GDPR in full force. You’ve got to efficiently wipe anywhere from a couple to hundreds of drives to avoid any data reaching the public You certainly wouldn’t be the first company to suffer that fate. A few years ago, Brighton and Sussex University Hospitals NHS Trust failed to properly clear confidential patient data from old computers, and were handed a hefty £350,000 fine when this data was found in the wild. Under the GDPR, this fine could have been significantly more.
“But surely,” I hear you ask, “I could just format my hard drive?” Sure, you could – but what if I told you that formatting a drive doesn’t necessarily remove the data? To explain this, we’ll need to understand a bit about how data is stored on hard drives.
Storing data the hard (drive) way
Have you ever noticed that if you move a large file from one folder to another on your drive, it takes no time at all – but if you were to copy that file to a USB drive, it would take much longer? This is possible because each file is stored with “directions” on where to find it. If files are houses in a street, then these directions are the route that the operating system can take to reach a particular house. When you “move” a file from folder A to folder B, that file hasn’t actually moved at all; you’ve just moved the directions to find it. Of course, moving that file to another device means those directions won’t make sense, so the entire file has to be copied.
If you format a hard drive, what you’re actually doing is simply deleting all the directions to all the houses, so the operating system has no way to find any of them. The houses themselves – or rather, the files – are still there, and they can be found again with the right tools. Using recovery software is like walking down a street and checking every house to see what’s inside; even without directions, one can track down the stored information. The solution to this is what’s called a “Secure Erase”. There are tools available online to perform a Secure Erase, such as the free DBAN program. (The good folks over at Gizmodo compiled a list of useful utilities for wiping various media, though they also mention the need for degaussing for maximum security – more on that in a bit.) Secure Erase is the equivalent of bulldozing and paving over the houses; it overwrites all the data on the drive, ensuring that no matter how hard you look, you won’t find the address you’re looking for.
So what’s the catch? Well, that depends on your time, effort and security requirements. Secure Erase or other hard drive wipe tools aren’t the quickest methods to destroy all the data on a disk, not by a long shot; a full wipe with multiple passes to ensure complete data erasure will take several hours per drive. It’s possible to skimp on the passes to get the job done quicker, but you run the risk of not successfully erasing everything. There’s also an expertise barrier involved in using Secure Erase tools; they typically require a CD to burn the software on to, as trying to wipe a drive while running the operating system would be… problematic. This software is often quite complex and not necessarily user-friendly, so may prove difficult for the average non-technical person to get their head around.
There’s an alternative to trying to wipe the data off your hard drive, but you won’t like it. I’m talking about destroying the drive.
If you’re trying to sell on an old PC, the last thing you’d want to do is destroy a key component of said PC – but hear me out. Hard drives don’t last forever. Being a piece of hardware which takes more strain than perhaps any other in a computer, constantly hammered away at with read and write operations, hard disks are prone to degradation and eventual failure. Fortunately, they’re also pretty cheap to replace, and you could pass the cost of that replacement on to your potential buyer while making back a few pennies by recycling your old drive.
“Recycling!? Surely that’s a risk of a data breach, and weren’t we trying to avoid just that?” Of course, but nobody said you’d be handing over the drive intact and stuffed with your data. Before disposing of the drive, you should absolutely clear its contents, and that’s where degaussing comes in. Now that we’re no longer concerned with retaining the usability of the drive, we can carry out all manner of destructive activities on it, from shredding to incineration to simply smashing it with a hammer. But it’s degaussing that takes the cake as the ultimate solution for secure data erasure. Simply place the drive into the degausser, hit the button, and after a few seconds – bam, the drive is totally erased through a powerful magnetic field. It doesn’t make a mess or kick out a load of toxic fumes, and it leaves the drive in one piece ready to make you a nice return from scrap recycling.
The major downside to hard drive degaussing, other than turning your drives into expensive paperweights, is the cost. It’s an ideal solution for large companies with a whole lotta drives to get rid of, but degaussing is way over-budget for the average consumer. For them, we’d recommend the aforementioned Secure Erase – or if you’re less technical and don’t mind losing the drive, simply dismantle it, smash it and scratch the platters to bits, then securely dispose of it. Whatever you choose, just remember: when you hand your PC over to its future owner, ensure your data is nowhere to be found.