Simply deleting files and reformatting a hard drive will not securely erase information, meaning that it will still be possible to recover the data that was previously on the hard drive.
Having a strategy for reliably erasing data files is a critical component of managing data securely and may be relevant at various stages in the data cycle.
During research, copies of data files that are no longer needed may be destroyed. It is often useful to keep ‘working’ files safely in order to backtrack in the research process.
Therefore, files should not be destroyed thoughtlessly. At the conclusion of the research, data files that are not required for preservation need to be disposed of securely.
For hard drives, which are magnetic storage devices, deleting files does not permanently erase a file from the physical drive; rather it only removes a reference to the file.
It takes little effort to restore files deleted in this way and explains why data can be recovered from some damaged hard drives. Files need to be overwritten numerous times to ensure they are effectively unreadable.
Software is available to help erase files from hard disks, meeting recognised erasure standards. Example software is: BCWipe, WipeFile, DeleteOnClick and Eraser for Windows platforms; and Permanent Eraser for MacOS platforms.
The most reliable way to dispose of data is physical destruction. This will of course be much more difficult – and often impossible – to achieve where cloud storage has been used.
It is therefore imperative that researchers ensure that cloud storage is appropriate for the specifics of their research project. A risk-averse approach for all drives is to encrypt devices before first use when installing operating software and to physically destroy the drive using a secure destruction facility, approved by your institution when data need to be disposed of.
USB Flash Drives
Flash-based storage devices, such as memory sticks, are constructed differently to hard drives. Techniques for securely erasing files on hard drives cannot be relied on to work for solid-state disks as well, so physical destruction is advised as the only certain way to erase files.
Paper and Optical Discs
Shredders certified to an appropriate security level should be used for destroying paper and optical media.
The German Institute for Standardization (DIN) has standardised levels of destruction for paper and discs that have been adopted by the shredding industry.
For shredding confidential material, adopting DIN 3 means objects are cut into two-millimetre strips or confetti-like cross-cut particles of 4 x 40 mm. The UK government requires a minimum standard of DIN 4 for its material, which ensures cross-cut particles of at least 2 x 15 mm.