Beware: Formatting a Hard Drive Isn't Enough to Purge Old Data

Last Updated May 22, 2011 11:37 PM EDT

As we approach what is the end of the fiscal year for many companies, you might be preparing to replace some of your PCs with newer models to take advantage of end-of-year hardware spends. When you do that, don't forget to properly dispose of your old hard drives. After all, they're packed with company information, passwords, possibly even social security numbers and banking records. And formatting the drives won't protect a single bit of that data from the drive's next owner.

Formatting a drive only hides the information from the operating system; it's all still there, and easily recovered in its entirety by anyone who invests even a little time in the process. It doesn't even cost anything to recover formatted hard drives; there are free tools you can download from the Web which will do it easily. And that means if you sell, recycle, or dispose of your old PCs, you should ensure the data on the drives is destroyed, not just formatted.

Don't believe me? Perhaps you trust MIT instead. In a now-famous study, a pair of MIT grad students acquired 158 used hard drives from eBay and other online stores. Of the 129 that actually functioned, 69 had recoverable files and 49 were packed with personal information. They inventoried 3700 credit card numbers, along with medical data and other personal data.

The bottom line is that you should ensure any data on your hard drives are physically overwritten with new data, not just formatted. There are many ways to do this, and many of them are even free.

  • CCleaner is a free disk wiping tool that you can use to wipe all the data from your hard drive in a single pass or make multiple passes for Department of Defense-approved security.
  • Darik's Boot and Nuke (also known as DBAN) is another free program that can completely wipe the contents of your hard disk by overwriting each sector on the drive.
  • Eraser works like the others -- it too is a free disk shredder that overwrites data securely on your old drive.
In the end, it doesn't really matter which disk shredder you use, as long as you diligently choose something to prevent your corporate and personal data from being exposed after a hard drive leaves your hands.

More on BNET: