How do I sanitize (securely delete) or destroy devices and data? (Interim)

Overview

Part of proper data and device (asset) management is the secure deletion (sanitization) and destruction of data when it is no longer required for a project and not suitable for preservation or subject to retention or archiving requirements.

What you can do

  1. Determine whether your data should be preserved or archived?
  2. Determine the classification of data stored on the device: Data Classification.
  3. For confidential, sensitive, restricted, or regulated data (Level 3 or 4):
    • Recoverability (after deletion): Unrecoverable, if stored on an encrypted device.
    • Electronic:
      • Windows
        • File: Use SDelete or Eraser.
        • Device: See Cross-platform options.
      • MacOS
      • Linux
      • Cross-platform
        • Device: Your motherboard or drive manufacturer might provide a proprietary sanitization utility, Parted Magic, or DBAN.
      • Cloud service
        • Contact provider regarding secure data deletion pipeline.
    • Physical: Commercial shredding.
      • Ensure that you receive a Certificate of Destruction for your records.
  4. For non-sensitive, non-public data (Level 2):
    • Recoverability (after deletion): Recoverable with difficulty
    • Electronic:
      • Windows
      • MacOS
        • File: Delete file and empty Trash.
        • Device: Apple support (do NOT select “fastest” under “security options”).
      • Linux
      • Cloud service
        • Contact provider regarding secure data deletion pipeline.
    • Physical: Office or commercial shredding.
  5. For public data (Level 1):
    • Recoverability (after deletion): Data could be recovered with little difficulty.
    • Electronic:
    • Physical: Recyle, if appropriate.