Data Sanitization (Secure Deletion)
Last updated: 2026-01-30
What Is Data Erasure
Data erasure (Secure Data Erasure) is the process of rendering data on storage unrecoverable. When you "move a file to the trash and empty it," only the file system's management information is deleted - the actual data remains on the storage. It can be recovered with specialized tools, making this insufficient for disposing of sensitive data.
Situations requiring secure data erasure are diverse: disposing of or selling PCs and smartphones, returning leased equipment, replacing storage, and responding to data deletion requests under regulations such as GDPR.
Choose the erasure method based on the type of storage (HDD or SSD), the sensitivity of the data, compliance requirements, and cost and time constraints.
Types and Characteristics of Erasure Methods
Software Overwrite Erasure: Writes random data or zeros across the entire storage area to overwrite the original data. Effective for HDDs, but on SSDs, the wear-leveling mechanism may prevent overwrites from reaching all cells. NIST SP 800-88 states that a single overwrite pass is sufficient for HDDs.
Cryptographic Erasure: When data encryption has been applied in advance, simply destroying the encryption key renders the data effectively unrecoverable. This is the most effective method for SSDs and is fast to execute. If device encryption (BitLocker, FileVault, etc.) is enabled, you only need to destroy the key at disposal time.
Physical Destruction: Physically destroys the storage (shredding, drilling, degaussing). The most reliable method, but the device cannot be reused. Selected for top-secret data or when software erasure certification is difficult.
Secure Erase / Sanitize Commands: Erasure commands built into SSD firmware that erase all cells (including spare areas). More reliable than software overwriting for SSDs.
Recommended Erasure Methods by Storage Type
The optimal erasure method differs depending on the type of storage.
HDD: A single software overwrite pass is considered sufficient under NIST standards. For highly sensitive data, combine with physical destruction.
SSD / NVMe: Cryptographic erasure or the Secure Erase command is recommended. Software overwriting may not reach all cells due to wear leveling, making it unsuitable for SSDs.
Smartphones / Tablets: A factory reset is the standard approach. iOS and recent Android devices encrypt storage by default, so the encryption key is destroyed during reset, achieving an effect equivalent to cryptographic erasure.
Cloud Storage: When and how the cloud provider erases data from physical storage after deletion depends on the provider. It is recommended to upload data in an encrypted state and destroy the encryption key when deleting.
Erasure Certification and Legal Requirements
When enterprises dispose of devices, it is important to obtain and retain a data erasure certificate. The certificate records the target device's serial number, erasure method, date and time of erasure, and the person who performed it.
When responding to GDPR's "Right to Erasure" (Right to be Forgotten) or data deletion requests under Japan's Act on the Protection of Personal Information, the erasure certificate serves as legal evidence. Disposing of devices without an erasure certificate means you cannot prove that appropriate measures were taken if a data leak occurs.
Backups also need attention. Even if production data is erased, the erasure is incomplete if data remains in backups. When responding to data deletion requests, establish procedures that include deletion from backups.
When outsourcing device disposal to an external vendor, verify the vendor's erasure methods and certificate issuance in advance, and specify the erasure method and scope of responsibility in the contract.
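The single-pass overwrite described for HDDs and the certificate fields listed above can be combined into one routine. This is an added example, not code from the original page: it overwrites a target once, reads it back to confirm that no original byte survives, and returns a certificate record. The temporary image file, the serial number, the operator name and the field names are constructed placeholders, and, as the text notes, this approach is for HDDs and does not reach all cells on an SSD.

```python
import os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB I/O blocks

def overwrite_single_pass(path):
    """Write zeros over every byte of `path` once; return the byte count."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # works for image files and block devices
        f.seek(0)
        for start in range(0, size, CHUNK):
            f.write(bytes(min(CHUNK, size - start)))
        f.flush()
        os.fsync(f.fileno())  # push the writes past the OS cache
    return size

def first_nonzero_offset(path):
    """Read the whole target back; None means every byte is zero."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            rest = chunk.lstrip(b"\x00")
            if rest:
                return offset + len(chunk) - len(rest)
            offset += len(chunk)
    return None

def erasure_certificate(serial, method, operator, size, bad_offset):
    """Certificate fields named in the text, plus the verification result."""
    return {
        "device_serial": serial,
        "erasure_method": method,
        "erased_at_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "performed_by": operator,
        "bytes_overwritten": size,
        "verification": "pass" if bad_offset is None else f"fail@{bad_offset}",
    }

def demo():
    """Constructed stand-in for an HDD: a temp image file with random data."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(os.urandom(2 * CHUNK + 4096) + b"CONSTRUCTED-SECRET")
    try:
        size = overwrite_single_pass(img.name)
        return erasure_certificate("SN-EXAMPLE-0001", "single-pass zero overwrite",
                                   "operator.example", size, first_nonzero_offset(img.name))
    finally:
        os.unlink(img.name)
```

A certificate whose `verification` field is anything other than `pass` means the read-back found surviving data at the reported offset, and the device should not leave custody on the strength of that record.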
Common Misconceptions
- Deleting a file and emptying the trash erases the data
  - Emptying the trash only deletes the file system's management information - the actual data remains on the storage. It can be easily recovered with data recovery software, so secure erasure of sensitive data requires dedicated erasure tools or cryptographic erasure.
- Overwriting data on an SSD securely erases it
  - Due to the wear-leveling mechanism in SSDs, software overwrites may not reach all cells. For SSD data erasure, cryptographic erasure, the Secure Erase command, or physical destruction is recommended.
Comparison of Data Erasure Methods - Software Erasure vs. Cryptographic Erasure
Software Overwrite Erasure
Overwrites the entire storage with data. Effective for HDDs but unsuitable for SSDs. Processing time increases proportionally with capacity. Device can be reused.
Cryptographic Erasure
Destroys the encryption key to render data unrecoverable. Optimal for SSDs and fast to process. Requires device encryption to be enabled in advance. Device can be reused.