Manage Learn to apply best practices and optimize your operations.

Can confidential data be accessed once it is deleted for free space?

Depending on how full a drive is, confidential data can survive indefinitely -- whether it is deleted or not. In this expert response, Michael Cobb explains whether the files live and how they can be accessed.

When a file is erased for free space, can pieces of the data still be accessed? Can pieces of confidential data still be accessed after a data wipe?
The contents of a file are not removed from the hard drive when the file is deleted. When a file is deleted from the Windows Recycle Bin, for example, only the pointer to the file is eliminated. The file is then invisible to the operating system, and it no longer appears in the directory tree structure. The previously occupied space on the hard drive is marked as free and can be reused by the operating system. However, until new data is written to this space, the contents of the file still exist. This data can survive indefinitely depending on how full the drive is, where the file was located physically on the drive, and how often you use your computer. There are numerous tools that can recover "deleted" files by searching for data on a hard drive that does not have any corresponding pointer information.

It is good security practice to overwrite, or wipe, sensitive files when they are deleted. But what level of erasure should you set for your confidential data? In 2004, the U.S. National Security Agency (NSA Advisory LAA-006-2004) found that a single overwrite using DoD 5220.22-M-compliant software is sufficient to render electronic files unrecoverable. Many data wiping products state that they meet the "DoD 5220.22-M standard." The particular claim generally means that the technology will over-wipe all addressable hard drive locations with a single character. The second part of the operation wipes all addressable locations with a character, its complement, and then a random character, followed by verification. The process is completed three times and prevents data from being recovered by commercially available processes.

One problem with software disk-wiping is that it cannot sanitize hard drives that have actually physically failed. In such instances, you could destroy them by degaussing, melting, incineration, crushing or shredding. Physical destruction offers the highest level of erasure but even this is not necessarily absolute if any remaining disk pieces are larger than a single 512-byte record block in size. Whichever method you chose, either software wiping or physical destruction, you must enact policies and procedures governing hard drive disposal. You should also offer appropriate employee training to ensure that you have taken "reasonable measures" to safeguard your data.

The Federal Trade Commission's FACTA rule on the proper storage and disposal of certain consumer information requires that such information is properly disposed of. Although physically destroying disks is more costly than wiping them, the potential costs associated with compromised data may make it the best option. I would recommend the NIST Special Publication 800-88, Guidelines for Media Sanitization. Its recommendations can be applied to all types of organizations and are helpful in devising an appropriate erasure policy based on the confidentiality level of your information.

More information:

  • Learn the pros and cons of data wiping.
  • Visit SearchSecurity.com's Data Protection School.
  • This was last published in October 2007

    Dig Deeper on Data security strategies and governance

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.