Hard Disk Wiping: What’s the Magic Overwriting Standard?

Getting rid of old hard drives without proper precautions is a big “No-No”, particularly for businesses in South Dakota and North Dakota.

Data must be erased before devices can be given away to employees, be donated to charitable organizations, or be resold for reuse.  This is why many businesses rely on certified ITAD providers to wipe or shred their hard drives before getting rid of IT equipment, eliminating any potential risk of data recovery.

So what data erasure methods comply with consumer privacy laws (and possibly, regulations for your type of business, specifically)?

The DoD Standard

IT asset disposition (ITAD) vendors who cite they have a “DoD certification” are misleading, as there is no such certification that exists. Most government and other regulation programs, including the U.S. Department of Defense, now cite and adhere to the National Institute for Standards and Technology (NIST) 800-88 Guidelines for Media Sanitization.

When vendors talk about the “DoD standard”, they are usually referring to DoD 5220.22-M. This standard was first published by the U.S. Department of Defense (DoD) in 1995. However, the latest version does not specify an overwriting pattern or method of digital sanitization and in no way is an actual standard. This method has been superseded by other, more modern data wiping standards such as those from NIST.

The DoD technique is no longer recommended and is in fact less effective, more resource demanding, and less economical than accepted standards of today. However, due to the high esteem and credibility carried by the Department of Defense, organizations’ internal policies may still require it.

NIST Standards

Today, the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-88, Revision 1 standard has become the most widely accepted erasure standard in the United States.

The NIST publication outlines the preferred methodologies for data sanitization for hard drives, peripherals, magnetic and optical storage and other storage media and describes three methods to ensure data is destroyed including clearing, purging and destroying.

Which Data Destruction Method is Right for You?

It’s important to note that disk erasure software cannot wipe hard drives that have physically failed or erase internal hard drives that are disconnected. Wiping software is also limited when it comes to hidden sectors on solid state drives. Because of this, it’s ideal to have a policy in place for both digital erasure and physical destruction for handling data on IT assets like servers, laptops and removable media.

Your certified ITAD service provider can help you to determine a data destruction plan that is suitable for your particular needs.  Contact the experts at SEAM today at 605-274-7326 (SEAM) or online to learn more and request a quote.