Text Only Version

Secure Deletion and Sanitizing Data

Delete and Format are Not Enough

Disposing of sensitive information requires more than just deleting a file or formatting a hard disk. Free tools can be found online to recover deleted files, and more robust programs can recover files that have been overwritten several times. A recent BBC article reported that "40%-50% of second-hand disks that can be powered up contained sensitive data". Whenever you attempt to dispose of sensitive information on your computer, it is important to either securely delete files or sanitize hard drives to prevent recovery of the disposed data.

This guide will discuss two common situations involving the disposal of sensitive information:

  • Securely deleting sensitive files on a functional system.
  • Sanitizing a hard drive to be disposed of, or transferred to another employee or department.

1) Secure Deletion of Files

There are two methods for sanitizing a system without fully formatting and starting from scratch. Either (i) overwrite specific files or (ii) overwrite all free space on the system. Use any one of the tools below for either method. Be sure not to defragment before cleaning for a more effective sanitization.

  • Windows: SDelete from Sysinternals. A free command line tool for NTFS and FAT32 drives.
  • Windows: Eraser - Another free tool, which includes a graphical interface.
  • OS X: For sanitizing free disk space use the built-in Disk Utility. Files can also be securely deleted by moving them to the Trash, then from the 'Finder' menu, click 'Secure Empty Trash'. Both methods should overwrite the file location over 30 times.
  • Linux: Using Shred

2) Sanitizing a Hard Drive

As a general practice, all hard drives should be sanitized before they are disposed of, placed in surplus, or transferred. For hard drives that are to be disposed of or placed in surplus, contact Property Control and request the hard drives to be destroyed using their drill press. Alternatively, a degaussing machine can be used if one is available.

If the hard drive needs to be reused, e.g. when it is being transferred to another person, the only option is to use a utility to thoroughly overwrite the data. Darik's Boot and Nuke (DBAN) is an industry accepted self-contained boot disk that will securely wipe any functional hard disk. Another option, which includes tools in addition to DBAN, is the Ultimate Boot CD. Boot the system with either tool and completely wipe the drive before formatting the drive or transferring it to a new owner.

UGA Electronic Equipment Handling Procedures

The Electronic Equipment Disposal and Transfer Recommendations provides several proper handling procedures including: Surplus of equipment on campus, requesting repairs, trade-ins, and transfers. In most cases, you will need to complete the Property Control Form and contact Property Control to complete the process.

Paper Documents, Backup CDs, and Media Containing Sensitive Information

Sensitive information on portable media also needs to be properly disposed. Keep track of any media containing sensitive information. Make sure that media doesn't leave campus without approval, and destroy any media that is no longer needed. The University of Georgia Records Center offers free secure disposal of documents to all campus units.

Additional Resources