Three often forgotten tips for secure data sanitisation

Ensuring complete sanitisation of data is a must for both companies and individuals. No one wants their confidential information being used by any outside parties, and with the new GDPR legislation in place, firms are now, more than ever, ensuring they provide complete data security. Here are three of the easiest, but most forgotten, ways to ensure secure data sanitisation, as compiled by our experts.

1. Wipe as early as possible

The moment a device is no longer used, it should be wiped. Often, companies will place computers and drives in storage, or in a back room, for years before finally getting around to deal with the sensitive data that remains in the system. The longer you leave the data before sanitisation, the more risk you place yourself in. Assuming these drives are not under lock and key, they will be relatively easy to access, meaning someone can maliciously steal the data, or steal the drive and inadvertently take the data with it too. Given the new penalties associated with GDPR and identifiable data being compromised, you should remove any sensitive data as soon as possible to remove the risk.

2. Record and log your sanitisation

It’s relatively well known within the IT sector that recording and logging is a necessity when sanitising data. From a legal point of view, which has been reinforced by the new GDPR legislation, if sanitisation hasn’t been officially logged, then it hasn’t been done. Any and all wipes must be recorded, including the date, times, and identification of the device being wiped, and the method by which this was done. By setting up standard recording practices, and keeping this information in a collective database, you reduce the risk of people failing to log their actions, as well as having proof of regulation adherence should you ever need it.

3. One wipe may be enough

It is commonly believed that multiple-pass wipes are more secure than single-passes, but in the vast majority of cases this is not true. If your data is being overwritten by an algorithm which overwrites the data with a pure random pattern, then going over this several times won’t make it more secure. In the past, when data density was low on hard drives you could use an electron microscope to view ‘bit shadows’ even when data had been sanitised and overwritten; with current high density data, bit shadows are not a realistic concern, meaning that a single wipe will effectively and efficiently sanitise your data. Therefore, wiping your data more than once is not likely to be any more secure, but will cost you time and resources.

However, it is important to note that several large companies and governmental organisations have a strict multiple-pass policy which must be adhered to. If you have the time and the resources then more wipes won’t hurt, but aren’t likely to be a necessity either.