How to Ethically Destroy Client Data on Hard Drives
Keeping client data safe is imperative for an attorney and it is an ethical requirement which is why it’s important to keep your online security strong and update computer drivers when needed. Since most attorneys work at firms that lack IT support and policies you could be putting your client data at risk when it is time to upgrade your computer if you don’t properly destroy old data. Is your trusty computer getting slow? Do you have a broken computer in the storage closet? Are you giving away your old computer? Or do you have old hard drives laying around? If any of these all too familiar scenarios scream, “That is me!” you need to make sure you safely dispose of all personal and client data. If not taken care of, these could end up crashing and you could lose all this data. Some might get the error message similar to kmode exception not handled for example so understanding how to deal with the issues as soon as possible can avoid a lot of headache in the future.
Old computers, crashed computers, and even broken computers still have remnants or even all of your personal financial or client data that was ever on the computer still there. Yes, that is correct, even a computer that no longer works can still have all of the data on a broken hard drive. The small bits of information that an identity thief or hacker may use is still written on the hard drive and can easily be obtained with free software and a computer. Lurking in the back alleys of the bits and bits on the hard drive can be birth dates, passwords, account information, bank records, tax information, or other sensitive data that could help nefarious hackers wreak havoc with your life or your client’s business.
Two disclaimers. If there is sensitive government information on your hard drives you will want to check government regulations (think Department of Defense) before you begin. Many of the methods discussed would not be considered safe for destruction of government and possibly corporate secrets. Secondly there are often local or state regulations regarding disposal/recycling of computer equipment, please keep these in mind.
The Trash or Recycle Scenario
There are typically two scenarios associated with disposal of a computer. You are either going to throw the computer away (or recycle it where required), or you plan on giving it to someone else.
If the computer is so old or broken that disposal is your best choice it is very easy to make sure that your data is safe; destroy the hard drive. Even if your computer doesn’t boot, or your hard drive crashed it doesn’t mean that all of your data has been destroyed and actual destruction of the hard drive is the fastest and cheapest method to ensure that your data is safely destroyed. Since you plan of throwing it away or recycling it, if you happen to damage something in the process it really doesn’t matter.
The hard drive is easily located in both desktop and laptop computers. Most desktops use a 3.5” form factor drive, which are approximately 4” x 6” x 1” and weight about one pound. Laptop hard drives use a 2.5” form factor and are about 3” x 4” x .5” and weight one quarter pound. Hard drives have a metal enclosure and are typically silver or black.
Laptop hard drives are usually accessed by a small access panel on the bottom of the device and can be removed with one or two screws. To access a desktop hard drive remove the side cover (typically two screws) and then remove the four screws that secure the drive. To find out where your drive is located and how to remove it simply go online and find the service manual for your computer.
If you are a large firm with lots of drives to destroy or just not handy, there are a number of businesses that can destroy your hard drives for a fee, and there are different methods that can be used.
- Degaussing – Commercial degaussers can completely erase hard drives using magnetic fields or electromagnetic fields.
- Crushers – Automatic crushing devices that uses motors or hydraulics to physically crush a device.
- Shredding – Perhaps the easiest service to find since commercial shredding is very common in the workplace. Just like a paper shredder but on steroids, a hard drive shredder rips hard drives into small strips.
If you are outsourcing the hard drive destruction and you can’t physically watch the drive be destroyed make sure you evaluate the company first.
The Drill and Hammer Method
I am fairly handy and don’t have government secrets on my drives, so when I do recycle my computers I use a fairly simple method that makes recovering any possible data so expensive and costly that I consider this a safe method of data destruction. It doesn’t cost any money and can be done in under five minutes. First I remove the drive and place it in my bench vise. If you don’t have a vise, you can hold it on your garage floor carefully. Take an electric drill with a medium sized bit and drill three holes about one inch out from the center of the drive in three different random areas. This will physically destroy the platters, making obtaining data extremely difficult. Next I take my claw hammer and take out my day’s aggressions on all sides with a dozen good whacks, making sure I destroy the electronics and denting it up as good as possible.
There are numerous solutions on the Internet to physical hard drive destruction that you can do on your own. No matter which method you choose, just make sure you do a thorough job. Just remember that the data is stored on the platters inside the drive and these should be your primary target of destruction. A few dents on the outside of the drive are not enough, make sure whatever method you use actually penetrates the outer shell.
Giving the Computer Away – The Data Wipe
The best thing to do with your old but working computer is to give it to someone else. In this case physically destroying the hard drive is counterproductive to your good deed. Simply erasing the data like you do a document file is not enough to completely destroy your sensitive data. In this case the best solution is a data wipe, otherwise known as data erasure or data clearing. This is a software based method of deleting the data on the hard drive and completely destroying any residual data. There are numerous options for both free and paid software solutions. A quick Google search on “data wiping software” brings up many links to sites that actually compare the different features each has to offer.
Dban is a free data wiping software solution that is very popular and highly rated. They are owned by Blancco who sell commercial grade data wiping software. Other popular solutions offered are: ErAce, CBL Data Shredder, and HDDErase. Evaluate each one to determine which one will suit your needs best.
While you research features look for a program that “boots” directly to make sure you delete everything. I also recommend using the software’s strictest settings and then repeating the process over again at least once. One weakness of wiping software is the possibility of user error or not completely wiping all the data. So make sure you read the directions carefully, as the free software often has no support options. USB drives and SSD drives also have special requirements to completely remove all data so make sure you get the proper software for the job if you are trying delete files of USB or SSD drives
The best method to protect your sensitive personal and client data is physical destruction of your hard drives. Whether you do it yourself or hire a company it is the easiest and most secure way to destroy your data. Hard drive destruction makes giving the computer away a bit tougher because they will need a new hard drive, but hard drives are inexpensive. If you are handy, destroy the drive yourself, and if not hire a company to physically destroy your drive. Giving away your computer is a nice gesture, so if this is you plan, make sure to use a data wiping program. You can never be too safe with you or your client’s data, and considering that it is an ethical responsibility to take reasonable precautions to ensure that your client data remains secure it is something you must do as an attorney.