Poke around on the subject of best practices in data destruction, and you’re likely to find a slew of posts about how the old DoD security standards are obsolete these days. While new standards have come out in the last 20 years for ensuring safe destruction of sensitive information, it’s not a given that these old standards don’t work anymore.
DoD Security Standards: What Are They?
The Department of Defense released data destruction guidelines in the 90s, when the practice was still new and no other standards existed. The guidelines recommended 3 separate overwrites, or wipes, of a hard drive (drives of that era were large and inaccurate) to clear it of sensitive information. With technology rapidly changing in the 21st century, many consider these guidelines obsolete.
DoD guidelines became the baseline for almost everyone who was concerned with data security at the time they were established. Times have changed, however, and DoD standards are often dismissed by professionals in the industry.
NIST-800-88–The New Gold Standard
Today, most companies follow the NIST-800-88 government guidelines, rather than DoD security standards, and most IT asset disposition (ITAD) professionals consider a single pass to be sufficient for thorough data destruction. Lifespan Technology goes into why on their blog:
“What may confuse some non-IT professionals is why a single pass would now be as effective as three passes, based on the fact that hard drives have a much greater capacity. The reason for this is that two types of technology have advanced since the DoD standard was created. The first involves the technology of the hard drives that are in use. Today’s drives are much more precise than older magnetic drives, which means that the head will write over every sector reliably with just one pass. The second improvement in technology comes from the software tools that have been created to assist in the procedure. Software tested and certified such as that from Tabernus or Blancco enables verifiable overwrites with detailed records.”
DoD–Not Obsolete, Just Time-Consuming
The fact is, doing three wipes on a hard drive isn’t really obsolete–it’s just no longer necessary in most cases. Wiping a hard drive is time-consuming, and if the same results can be achieved in a single overwrite with today’s technology, it makes sense to save time and money by skipping the 3-step process.
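The difference between one pass and three, plus the read-back verification and record keeping mentioned above, can be seen in a small sketch. This is an added example, not code from this post or from any erasure vendor; a temporary file stands in for the drive, and the function names and fill bytes are assumptions chosen for illustration, not the patterns from the DoD guidelines.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # I/O unit; arbitrary for this sketch

def overwrite_pass(path, fill):
    """Overwrite every byte of the target in place with one fill byte."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for start in range(0, size, CHUNK):
            f.write(fill * min(CHUNK, size - start))
        f.flush()
        os.fsync(f.fileno())  # push the pass to the device, not just the cache
    return size

def verify_pass(path, fill):
    """Read the target back; return (first mismatching offset or None, sha256)."""
    digest, offset, bad = hashlib.sha256(), 0, None
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            digest.update(chunk)
            if bad is None and chunk != fill * len(chunk):
                bad = offset + next(i for i, b in enumerate(chunk) if b != fill[0])
            offset += len(chunk)
    return bad, digest.hexdigest()

def wipe(path, fills=(b"\x00",)):
    """Run one overwrite per fill, verify the last one, return an erasure record."""
    size = 0
    for fill in fills:
        size = overwrite_pass(path, fill)
    bad, digest = verify_pass(path, fills[-1])
    return {"target": path, "bytes": size, "passes": len(fills),
            "verified": bad is None, "first_mismatch": bad, "sha256_after": digest}

def make_constructed_image(size=200_000):
    """Constructed stand-in for a drive: a temp file full of fake records."""
    fd, path = tempfile.mkstemp(suffix=".img")
    row = b"constructed sample record 000-00-0000\n"
    with os.fdopen(fd, "wb") as f:
        f.write((row * (size // len(row) + 1))[:size])
    return path

if __name__ == "__main__":
    for fills in [(b"\x00",), (b"\xff", b"\xaa", b"\x00")]:  # illustrative fills
        image = make_constructed_image()
        print(wipe(image, fills))
        os.remove(image)
```

Both runs report the same `sha256_after` and `verified: True`; the three-pass run simply writes the target three times to get there.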
Not Regulations, Just Guidelines
Neither DoD security standards nor NIST standards are regulations. While there are specific laws that affect data security (such as HIPAA), these standards are guidelines for best practices, not laws that will be enforced by government agencies.
Responsible Data Destruction
In the end, both ITAD providers and clients need to be responsible about data destruction. It’s up to ITAD companies to keep up with current best practices and make sure the data they are responsible for is disposed of properly. It’s up to clients to choose a responsible recycler who will ensure sensitive data is treated with care.
As long as data is securely destroyed, it doesn’t matter whether you’re doing three passes or one.
What do you think? Is one wipe enough, or does it give you peace of mind to give equipment multiple passes?
At ICT, we’re all for anything that keeps electronics out of landfills. That’s why we tailor our electronics recycling solutions to fit each company’s unique needs.
Susannah Bruck is a freelance blogger, editor, and ghostwriter. She has been putting her skills to use for clients since 2010, and enjoys working on formats ranging from blog posts to short stories and plays. You can find her at World Adventures