Data sanitization refers to the process of permanently and irreversibly destroying data on a storage device in a deliberate manner, typically for compliance and/or corporate security purposes. After data sanitization, a storage device will have no usable residual data, and there is no way to recover any of the data, even with the use of advanced forensic and data recovery tools.
Data sanitization has long played a key role for protecting sensitive corporate data, and it s become an increasing necessity as compliance regulations have become more prominent and stringent in recent years, especially following the EU s General Data Protection Regulation (GDPR), which requires companies to erase customer data upon request and provide proof of data sanitization measures.
Data sanitization is a more complete form of data destruction than similar terms like drive reformatting, device factory reset, data wiping, data deletion, data clearing, disk scrubbing, and file shredding. Data sanitization even goes a step beyond data destruction in that it requires verification or proof that no recoverable or usable data remains on the storage media once sanitized.
Three Ways to Perform Data Sanitization
A device can undergo data sanitization in one of three main ways:
Physical destruction: This involves shredding hard drives, mobile devices and other forms of storage media into tiny pieces. Another type of physical destruction for data sanitization involves a degausser, a tool that exposes data to a powerful magnetic field and neutralizes the data on a hard drive and prevents is from being recoverable.
Cryptographic destruction: Storage devices that utilize encryption software to protect the data contained on them can be sanitized by erasing the 128-bit (or higher) encryption key used to decrypt the data. While the data remain on the device, cryptographic destruction is considered an approved method of data sanitization since it renders the data unrecoverable and can be verified.
Data destruction: Data destruction, or data erasure, utilizes software tools to securely overwrite data on a storage device. In order to ensure data sanitization, an approved standard for the company’s industry or organization must be used for data erasure, and the process must be documented and verified.