Whenever you throw out the hard drive, you should assume that the next person to pick up the hard drive will be able to access everything that you had stored on it, unless you have taken specific steps to make the data on there unreadable.
This is why, before you throw away or sell an old hard drive, you should take a couple of steps to ensure the data contained within is irretrievable. This might sound a bit extreme at first, but if you know more about IP addresses, data leaks or online privacy, you’ll see that this is only a basic level of personal information protection.
What Are The Dangers Of Throwing Out an In-tact Hard Drive?
When you delete a file from your computer, the file itself is not erased. Instead, the computer simply marks the bit of the hard drive where that file is stored as empty space. This means that, eventually, the computer will overwrite whatever data is there. However, until this happens, it is very easy for anybody to get that data from the hard drive.
It is a great feature to have when you accidentally delete some precious photos from your computer. There is plenty of free software out there now that will enable you to retrieve data that you have accidentally deleted. The data is still on the hard drive, the software simply ignores what the computer tells it and analyses empty space on a hard drive to see if it is, in fact, empty.
You don’t need any advanced computing skills to be able to retrieve data from an old hard drive. If you want to really freak yourself out, pick up a used hard drive as cheap as you can, and then try out some of the aforementioned software. In many cases, you will find that all of the data previously on the hard drive is still sitting there just waiting to be retrieved.
If the user has encrypted their hard drive, or the reseller is savvy enough to wipe any hard drives they handle, you will find data irretrievable or inaccessible. However, you would be amazed at how often people overlook these steps.
Ensuring Data Is Irretrievable
Hard disk drives and solid-state drives both work a little differently internally. These differences mean that a solid-state drive cannot be securely erased in the same way an HDD can.
With an HDD, there is no shortage of software tools available that will allow you to securely erase files and overwrite any empty space with random data. Unfortunately, this is not possible with an SSD.
To securely erase a solid-state drive, you need to overwrite all of the space on it. Whereas you can securely erase an HDD by identifying empty space and overwriting that, the underlying architecture of an SSD means that this same technique will not work. You can either copy a very large file onto the SSD that will take up all the space, or you can create an encrypted partition that is the full size of the disc itself. You can then transfer your data into this encrypted partition and erase it.
There is also now a number of software tools on the market that will securely erase an SSD for you; it just takes longer than with an HDD.
Technically, even if you follow the steps outlined above then data retrieval is theoretically possible. If you securely erase an HDD by overwriting it with several passes of junk data, it will be practically impossible to retrieve any data. However, if you want 100% certainty that your data won’t be accessed, you need to physically destroy the hard drive.
With either an SSD or an HDD, physically dismantling the drive will render it unreadable. It is a good idea to do a secure erase before you physically destroy the drive, just in case. There are even specialist businesses that will destroy your hard drive for you.
Keep Your Hard Drives Secure From The Start
If you are planning on selling your hard drive, it is worth encrypting all the data on there before you erase it securely. This will ensure that if your erasure is unsuccessful for any reason, any data that is pulled from the drive will be encrypted and inaccessible. Encrypting a hard drive is a simple process, regardless of the operating system you are using.
On Windows, you simply need to go to the control panel, navigate to the ‘system and security’ sections, then select ‘BitLocker drive encryption’. You will then need to choose a password, which you will use to decrypt the hard drive.
If you are on a Mac, then your hard drive should be encrypted by default. All Apple operating systems from Yosemite onwards will have full-disk encryption by default. You can check this by heading to the ‘Security & Privacy’ tab in your system settings. If FileVault is turned off, switch it on to take advantage of encryption.
If you are on Linux, then the easiest way of encrypting your hard drive will be to select this option when you are first installing Linux. If you already have Linux installed unencrypted, you should look for instructions for your specific disk – there are numerous paths you can take to encrypting a Linux hard drive.
Unless you take steps to make your data irretrievable, there is always a risk that the next person to handle your hard drive will be able to pull your old data off it. It is a good idea to keep your hard drive encrypted from the moment you start using it. This will ensure that retrieved data cannot be read.