Data Sanitization and Methods


Data sanitization refers to the deliberate process of permanently and irreversibly destroying data stored on memory devices. When done properly, data sanitization ensures that no data can be recovered, even with advanced data sanitization software. Data erasure, cryptographic erasure, and physical destruction are the three industry-wide methods of data sanitization.

How to Sanitize Data?

Usually, when data is deleted using conventional methods like reformatting, the data is not really erased and can be recovered by someone with the requisite skills and software. This raises concerns about data privacy and security. On the other hand, proper data sanitization methods are deliberate and effective, ensuring permanent erasure.

Computer Liquidation Services
ITAD Checklist

Make an Informed Decision

Download the CHecklist

Need for Data Sanitization

The principal need for data sanitization is to protect sensitive personal and corporate data. The permanency and irreversibility of data sanitization methods ensure that when old electronic equipment is decommissioned or resold, all sensitive data is purged. 

Stricter regulation around compliance has also necessitated the need for data sanitization. For instance, the EU’s General Data Protection Regulation (GDPR) demands that companies erase customer data upon request and prove subsequent data sanitization efforts. 

Other industries and work contracts also have strict regulations that dictate the disposal of data. Fields like health care or government contractors must adhere to industry-specific guidelines for data disposal that requires the use of proper data sanitization methods.

Data Sanitization Guidelines

Data sanitization is governed by various guidelines that are dictated by the type of industry, company, and needs a client may have. These guidelines are set to ensure data sanitization security.

Generally, the following data sanitization standards and policies apply:

  • Sanitize all storage media of electronic equipment when it is no longer in active use.
  • Sanitize all storage media of electronic equipment before the sale, donation, or transfer of ownership.
  • Use the best data sanitization methods such as data erasure, cryptographic erasure, or physical destruction.
  • There must be verification steps and certification documentation that assure that complete data sanitization.
data sanitization

Data Sanitization Methods

While there is free data sanitization software in the market that promises to deliver complete data sanitization, there are 3 data sanitization techniques recognized as the most effective and best data sanitization methods. These are physical destruction, cryptographic erasure (or crypto erase), and data erasure. So let’s dive deeper below.

Physical Destruction

Physical destruction is the best data sanitization method. It refers to the process of physically shredding hard drives, smartphones, laptops, printers, and other storage devices into tiny pieces using large mechanical shredders or degaussers. Degaussing is a type of physical destruction method where data in decommissioned storage media is exposed to a powerful magnetic field. This neutralizes the data, making it unrecoverable. Degaussing is most effective on hard disk drives as well as tapes. However, these hard drives and tapes cannot be reused or resold. Degaussing is not regarded as an effective data sanitization tool for solid-state drives (SSDs).

Hard drive Shredder/Crusher

Cryptographic Erasure

This data sanitization method involves the use of encryption software to sanitize data. Cryptographic erasure works by using encryption software, whether built-in or manually deployed, on the entire set of data on the storage device, then deleting the key that would have been used to decrypt the data.

According to our partner Blancco, considered the gold standard in erasure software, the encryption algorithm must be a minimum of 128 bits and lists the following steps to ensure proper data sanitization through cryptographic erasure:

  1. Cryptographic erasure can only be supported when the encryption on the data storage device is on and access to the API call to the said device is granted to remove the key.
  2. This method must ensure that the encryption key has successfully replaced the old key with a new one, thereby rendering the data encrypted by that key and the old key itself unrecoverable.
  3. An inviolable certificate must be provided by the cryptographic erasure software that asserts that the key, device data, and standards have been removed.

Data Erasure

Data erasure, considered the highest form of securing data within data sanitization techniques, is software that writes over all the data with zeros and ones. This renders the data unrecoverable and achieves data sanitization on the storage device.

To achieve successful data erasure, Blancco notes that data erasure software must do the following:

  1. Data erasure software must let you choose a specific standard that works for your organization and industry.
  2. This data sanitization method must guarantee and verify that data erasure has been successful and that the overwriting methodology has removed all targeted data.
  3. An inviolable certificate must be provided by the data erasure software that asserts that the key, device data, and standards have been removed.

See how much your IT equipment is worth

See My ROI

Pros and Cons of Data Sanitization

When choosing an IT asset disposition (ITAD) partner, it is crucial to consider their data sanitization policy. Do they offer solutions that are tailor-made for your needs? What regulations do they abide by? What assurances do they offer?  Are any reports and certificates verifiable and auditable? These are important considerations that an ITAD partner must satisfy beyond a shadow of a doubt before you can trust them with your business. 

At TechReset, we are certified silver partners with Blancco, the world leader in erasure software, so you can be sure that our data sanitization techniques meet the highest and strictest demands in the market. Whatever your needs, we have partnered with the best-in-class and meet stringent worldwide standards for your benefit. Our data sanitization techniques are backed by a Certificate of Data Cleanse and an audit report that will detail the status of all your equipment. If you wish to resell your old equipment after the data sanitization process, we have partnered with Value Added Resellers to facilitate the best resale terms in Canada. We are a true ITAD partner in every sense of the word and are happy to partner with you throughout your data sanitization and asset disposition journey.

Related Posts