Data sanitization is an important step in the data lifecycle. Once data has reached the end of its life or is deemed trivial, obsolete or redundant, it’s important to dispose of that data securely.
Blancco defines data sanitization as the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable—a definition in line with Gartner’s 2019 Hype Cycles. A device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will not ever be recovered. According to Gartner, there are three methods to achieve Data Sanitization: physical destruction, cryptographic erasure and data erasure.
What Methods Do Not Achieve Data Sanitization?
The three methods above meet data sanitization requirements, but there are many other data disposal methods that do not achieve this. These terms are often used interchangeably and incorrectly with the true data sanitization terms listed above. These incomplete data sanitization methods have not been proven to render the data on the appropriate storage devices unrecoverable.
Incomplete Data Sanitization Methods
- Data Deletion
- Reformatting
- Factory Reset
- Data Wiping
- File Shredding
- Data Clearing
- Data Purging
- Data Destruction
None of these methods include the verification and certification steps necessary to achieve data sanitization. When considering a data sanitization method for your organization, consider your risk tolerance. Highly-regulated industries should opt for complete data sanitization to achieve compliance with data privacy and security regulations and mitigate the impact of a security breach.
For more information on data sanitization terminology, visit our blog post.
