We’ve recently been asked how we dispose of our hard disk drives/tapes while ensuring that sensitive data is protected. Depending on the nature of the data we use a 2 stage method.
Media for disposal or reuse within the University
Hard disks are wiped using the freely available DBAN. I’ll use their own description of the software:
Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware.
Tapes are erased using the built in library features. Completing this stage would make media suitable for internal transfer and reuse within the University.
In order to use DBAN yourself you simply need to burn a copy of the ISO which creates a bootable CD/DVD. After that simply follow the on screen instructions.
Disposal (WEEE)
If the media holding the data is to be disposed of or recycled the University has a contract for WEEE contractor- www.secondbyteit.co.uk.
Second Byte provide Hard drive erasure and Certificates of data destruction. Each piece of equipment is given a reference by the contractor and certificates of destruction are provided. These are stored electronically centrally.
Hard drives are removed from machines during booking in, placed in secure containers and moved to a separate area of their warehouse. Only specific members of staff are allowed to handle hard drives. All hard drives are sanitized again using DBAN working to DOD 5220.22-M with 7 passes even if clients have sanitized them or if they have asked for disposal. All hard drives that clients have asked to be destroyed are recycled after being sanitized.
Any tapes or other media are physically destroyed certificates of destruction provided.
A good article – and DBAN is fantastic freeware. When physically destroying hard drives, just make sure it’s a professional shredding service – 30mm or 6mm for highly sensitive data.