Secure data erasure, also commonly referred to as data clearing or data wiping, is a method of overwriting and completely destroying all electronic data on a disk drive or other digital media by using zeros and ones to overwrite data onto all sectors of the device. Overwriting the data on the storage device renders it unrecoverable and achieves data sanitization.
Permanent erasure goes beyond basic file deletion. Unlike degaussing and physical destruction, which leave the storage media unusable, data erasure removes all information while keeping the disk operable.
There are key differences between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach, identity theft or failure to achieve regulatory compliance. Many data eradication programs also provide multiple overwrites so that they support recognized government and industry standards.
One of the major advantages of data erasure is the preservation of assets and the environment. Data erasure offers an alternative to physical destruction and degaussing for secure removal of all the disk data. Physical destruction and degaussing destroy the digital media, requiring disposal and contributing to electronic waste. Hard drives are nearly 100% recyclable and can be collected at no charge from a variety of hard drive recyclers after they have been sanitized.
Unfortunately, complete data eradication doesn’t work on flash-based media, such as Solid-State Drives (SSD) and USB Flash Drives. Data erasure through overwriting only works on hard drives that are functioning and writing to all sectors. Bad sectors cannot usually be overwritten, but may contain recoverable information.
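The overwrite-all-sectors approach described above, with a read-back check that reports any sector the overwrite did not reach, is sketched here as an added example; it is not code from the original page. The function names, the 512-byte sector size, the zeros-then-ones pass order and the file-backed disk image used as the target are all assumptions made for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size

def wipe(path, patterns=(b"\x00", b"\xff"), sector=SECTOR):
    """Overwrite every sector once per pattern; return sectors whose write failed."""
    size = os.path.getsize(path)  # regular-file image; a block device needs another size query
    if size == 0 or size % sector:
        raise ValueError("size must be a non-zero whole number of sectors")
    failed = set()
    with open(path, "r+b", buffering=0) as dev:
        for pattern in patterns:
            block = pattern * sector
            for i in range(size // sector):
                try:
                    dev.seek(i * sector)
                    if dev.write(block) != sector:
                        failed.add(i)
                except OSError:  # e.g. an unwritable (bad) sector
                    failed.add(i)
            os.fsync(dev.fileno())  # flush this pass before starting the next
    return sorted(failed)

def verify(path, pattern, sector=SECTOR):
    """Read every sector back; return indexes that do not hold `pattern`."""
    expected = pattern * sector
    bad = []
    with open(path, "rb", buffering=0) as dev:
        for i in range(os.path.getsize(path) // sector):
            try:
                dev.seek(i * sector)
                if dev.read(sector) != expected:
                    bad.append(i)
            except OSError:
                bad.append(i)
    return bad

def demo():
    """Constructed 8-sector image holding a marker string; wipe it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "disk.img")
        with open(img, "wb") as f:
            f.write((b"CONSTRUCTED-SECRET" + b"A" * 494) * 8)
        write_failures = wipe(img)
        after_wipe = verify(img, b"\xff")
        with open(img, "r+b") as f:  # simulate sector 3 being skipped by the overwrite
            f.seek(3 * SECTOR)
            f.write(b"CONSTRUCTED-SECRET")
        return write_failures, after_wipe, verify(img, b"\xff")
```

A non-empty result from either function means the medium cannot be treated as sanitized by overwriting alone, which is the situation the paragraph above describes for bad sectors.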
Strict industry standards and government regulations are in place that force organizations to mitigate the risk of unauthorized exposure of confidential corporate and government data. Regulations in the United States include HIPAA (Health Insurance Portability and Accountability Act); FACTA (The Fair and Accurate Credit Transactions Act of 2003); GLB (Gramm-Leach-Bliley); the Sarbanes-Oxley Act (SOX); and the Payment Card Industry Data Security Standards (PCI DSS). In the United Kingdom, the Data Protection Act applies. Failure to comply can result in fines and damage to company reputation, as well as civil and criminal liability.