What is Data Sanitization?

Aug 08, 2017 Technical Article

Data sanitization is an important step in the data lifecycle. Once data has reached the end of its life or is deemed redundant, obsolete, or trivial, it’s important to dispose of that data securely.

Blancco defines data sanitization as the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable, a definition in line with Gartner’s 2019 Hype Cycles.

In NIST Special Publication 800-88, Revision 1, “Guidelines for Media Sanitization,” the U.S. National Institute of Standards and Technology says, “Sanitization is a process to render access to target data (the data subject to the sanitization technique) on the media infeasible for a given level of recovery effort.”

In other words, a device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will never be recovered.

According to Gartner, there are three methods to achieve this: physical destruction, cryptographic erasure, and data erasure.

What Methods Do Not Achieve Data Sanitization?

The three methods above meet data sanitization requirements, but there are many other data disposal methods that do not. These incomplete data sanitization methods have not been proven to render data unrecoverable.

Incomplete Data Sanitization Methods

None of these methods include the verification and certification steps necessary to achieve data sanitization. When considering a data sanitization method for your organization, consider your risk tolerance: highly regulated industries should opt for complete data sanitization to achieve compliance with data privacy and security regulations and mitigate the impact of a security breach.

Learn more about data sanitization terminology.

Visit our blog post: The IDSC’s Guide to Data Sanitization Terminology.
