Destroying Data

See the Media Sanitization Standard in the University's Information Security policy for specific requirements that you must follow.

Data stored on drives in servers, workstations, external storage devices, or on removable media (e.g., USB drive, CD, tape) must be permanently removed from the drive prior to transfer, decommission, or disposal of the drive/media to prevent unauthorized disclosure of the data.  The tools you use depend on the type of drive:

  • Encrypted SSDs (solid-state drive), use the secure erase function on the device. Remember to empty the trash. Check with the SSD vendor for their version of Secure Erase to use.
  • Encrypted hard drives that spin, use reformat.
  • Unencrypted hard drives that spin, use a media sanitization tool.

MacIntosh computers come with encrypted SSDs by default, the secure erase is built in.  Remember to empty the trash.

Sounds simple, but not all methods remove or erase the data.

  • Delete key does not equal erase
  • Format command does not equal erase

Some methods to delete data from a computer's hard drive (e.g., highlighting a file and pressing the Delete key, or emptying a recycle bin or trash folder, using system utilities to reformat the disk). Depending on the type of drive, these methods may not remove the data, they simply remove the pointers to the file. The data remains on the disk. Readily available software tools can be used to restore the data.

There are disk wiping utilities and programs available that will greatly improve the chances that your data cannot be recovered. Some programs erase the entire disk, while others allow you to select which files or folders to erase/shred. It is important that the utility or program provide an option to erase free space (temporary files).

Consult with your local technical support staff.

Other methods of destroying data include degaussing and destruction. Degaussing is a process by which the storage media is subjected to a powerful magnetic field to remove the data on the media. Degaussing may make the media inoperable; therefore use this method if the media does not need to be reused.

Destroying Media

Destruction is recommended for media (CD-ROMS, diskettes, tapes) containing highly sensitive data that cannot be wiped using the utilities and products described above. This is done by shredding disk platters, grinding the surfaces off of CD's, incinerating tapes, or cracking/cutting the media.

The University of Minnesota ReUse Program performs physical media destruction for all non-healthcare component, University-owned hard drives that are being recycled, including hard drives from computers, printers, copiers and multifunction devices. See the recycling program at the U.

Health care component computers are required to be recycled by Health Service Technology (HST) or local IT support.

University Policy

Information Security

More Information