
Permanently erasing data on hard disks and smartphones

You should always erase or physically destroy data on your computer, device or storage medium before passing it on to third parties or having it recycled as electronic waste.

A pencil with an eraser rubs out the word "data".
Source: © mybaitshop / Fotolia.com

"Normal" deletion is not enough

On Windows, files that are deleted are moved to the Recycle Bin first in most cases - just as you throw something into the wastepaper basket under your desk and not the bin on the street. Once in the Recycle Bin, these data files are only actually erased when storage space needs to be freed up or if the operating system user empties the Bin themselves.

However, this only deletes references to the files from the index (the "table of contents" for the hard disk), so the operating system knows the files can be overwritten. But these files may in fact never be overwritten. While this data has been deleted, it is still present on the hard disk, even though it cannot be viewed with the normal kinds of user-level tools.

In certain cases, even formatting the entire hard disk or storage medium may not permanently erase all of the data present. During a normal, "quick" format (also known as a high-level format), the filesystem structure is merely recreated, which means that the index (table of contents) is deleted and replaced with a new index. Here too, the original digital data is still present on the storage medium. A format operation is therefore not a secure data destruction process.

Deleting data correctly

Even the statement "erasing data properly" needs to be understood with the proviso that it applies only to data to which the data destruction program actually has access. Modern semiconductor-based storage media (SSDs) and even the hard disks that still use magnetic media (HDDs) - or combinations of the two (SSHDs) - use highly complicated mechanisms to manage any errors that may occur. Common to all of these storage types is the fact that they prevent applications from accessing faulty areas of storage - and data destruction programs are of course applications. Hard disks also permit the setup of host protected areas (HPAs) on the disk. Special kinds of analysis software may be capable of reading these blocked/protected areas of storage, however, as long as this is still physically possible.

On intact hard drives, specialised software can be used to destroy data by overwriting it and therefore erasing it so it cannot be recovered. This involves overwriting the data in one or more passes with a specified sequence of characters or random numbers, which is usually sufficient. With a low-level ("slow") format, Windows also now overwrites a partition completely, filling it with zeroes. With older hard drives (<80 GB) data should be overwritten a total of 7 times.
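The difference between deleting, quick-formatting and overwriting can be seen on a small constructed in-memory "disk". This is an added example, not part of the original page; the one-block index layout, the sample file and all function names are assumptions made for illustration. `residual_blocks` is the kind of read-back check to run after a wipe.

```python
import os

BLOCK = 512  # block 0 is the toy index ("table of contents"); the rest is data

def new_image(blocks=64):
    """Constructed in-memory 'disk' filled with zeroes."""
    return bytearray(blocks * BLOCK)

def _entries(img):
    return [e for e in bytes(img[:BLOCK]).rstrip(b"\0").split(b";") if e]

def _store_index(img, entries):
    img[:BLOCK] = b"".join(e + b";" for e in entries).ljust(BLOCK, b"\0")

def write_file(img, name, payload, block):
    """Place payload in the data area and record name:offset:length in the index."""
    off = block * BLOCK
    img[off:off + len(payload)] = payload
    _store_index(img, _entries(img) + [f"{name}:{off}:{len(payload)}".encode()])

def listed_files(img):
    """What a normal file browser would show: names taken from the index only."""
    return [e.split(b":")[0].decode() for e in _entries(img)]

def delete_file(img, name):
    """'Normal' deletion: drop the index entry, leave the data blocks untouched."""
    _store_index(img, [e for e in _entries(img) if e.split(b":")[0] != name.encode()])

def quick_format(img):
    """Quick format: write a fresh, empty index; the data area is not touched."""
    _store_index(img, [])

def overwrite(img, passes=1):
    """Overwrite every block: random data on earlier passes, zeroes on the last."""
    for p in range(passes):
        for off in range(0, len(img), BLOCK):
            img[off:off + BLOCK] = bytes(BLOCK) if p == passes - 1 else os.urandom(BLOCK)

def residual_blocks(img):
    """Read-back verification: numbers of blocks that still contain non-zero bytes."""
    return [off // BLOCK for off in range(0, len(img), BLOCK) if any(img[off:off + BLOCK])]

if __name__ == "__main__":
    disk = new_image()
    write_file(disk, "letter.txt", b"CONSTRUCTED SAMPLE CONTENT", 5)
    delete_file(disk, "letter.txt")
    print(listed_files(disk), residual_blocks(disk))   # index empty, data block remains
    quick_format(disk)
    print(residual_blocks(disk))                       # data block still remains
    overwrite(disk, passes=2)
    print(residual_blocks(disk))                       # nothing left to read back
```

On a real drive the same read-back check only covers the areas the program can address, which is the limitation described above for faulty sectors and host protected areas.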

More modern hard drives offer the use of the ATA Secure Erase command. This initiates a manufacturer-specific routine for the hard disk, which is intended to erase the entire hard disk, including any faulty areas of storage. This erasure method is recommended for SSDs and SSHDs. The use of this command should be combined with the overwriting process described above. The storage media can be used as normal once overwriting is complete.

The software market offers both freeware and commercial products that are capable of performing the overwriting methods as described. Most of these tools will offer a number of methods for overwriting data.
When using software to overwrite hard disks, we recommend starting these programs from bootable media (e.g. CD or USB memory stick), so as to be able to overwrite the entire hard disk at once.

Please note: In cases where hard disks will be passed on to trusted third parties, we recommend overwriting the entire disk, independently of any installed operating system. Please note that, in cases where the entire hard disk is overwritten, this also overwrites the manufacturer's recovery partition as well as the operating system itself.

If you're not sure how to proceed or whether a data destruction program is a good choice for your scenario, always seek the advice of a person with relevant expertise.

Physical destruction

If you do not want to overwrite a hard disk or cannot do so because it is faulty, then you should physically damage or destroy the hard disk instead. The same also applies for storage media such as CD/DVDs or USB memory sticks.

This is also the perfect opportunity to find out what a hard disk looks like from the inside! While you should aim to damage the drive as much as possible, do take appropriate care and make sure you wear appropriate protective clothing.
Even simply bending the disks inside will make sure that normal data recovery methods can no longer be used.

Please note, however, that some hard disk makers use glass disks, and that both CDs and DVDs can shatter with dramatic consequences. In the case of SSD disks or USB memory sticks, you will need to damage the individual storage chips.

Deleting smartphone data

Looking to sell or give away your old smartphone? Then you should erase the data stored on your phone. Please note: even if you reset your phone to its factory settings, it may still be possible to restore your original data. Here, we provide a set of tips that cover how to go about erasing your data properly.

Please note: the degree to which data can be erased from a smartphone will vary from device to device. At the moment, there is no "one size fits all" method or standards for the secure erasure of smartphone data. If you want, you can also contact the manufacturer of your device directly for advice about erasing your personal data.

Preparing your smartphone before erasure

Before you carry out the steps described below for the secure erasure of your data, you should think about the kinds of data from your smartphone that you may want to continue using. You should then take a backup of this data, as appropriate.

Also remember that your smartphone may well include external storage media in addition to its internal storage. If you have inserted one or more external memory cards, microSD cards or SIM cards into your smartphone, then you should always take these out before passing your phone on or destroying your device.

If you no longer need the SIM card, you may need to return it to your provider (see your contract for details). Access to personal data stored on SIM cards is typically no longer possible after multiple incorrect PINs and then multiple incorrect PUKs have been entered.

If you are passing on your smartphone, check whether the microSD card was part of the original package contents. In principle, microSD cards can also be securely erased. If you need the microSD card yourself as a backup or for a new smartphone, however, it's often simpler to buy a new microSD card in the same format, if such a card was included with your old phone.

Physical destruction of microSD cards is only necessary if these are faulty. In the case of faulty SIM cards, you'll need to contact your provider to find out whether faulty SIM cards need to be sent back (depending on the contract). Otherwise, the SIM card can be physically destroyed.

A few simple steps to secure data erasure

Storage media store data using something like a "table of contents". In the case of some smartphones, the factory reset ("reset to factory settings") command only has the effect of deleting this table of contents. The data is still present on the storage medium, although it can no longer be accessed (i.e. addressed using the table of contents).

Accordingly, the steps as described below are an important additional security precaution that ensures your data becomes as hard as possible to recover. While no technique can ever offer a 100% guarantee that all data has been removed without trace, the risk can nonetheless be greatly reduced.

Encrypting data

Most new smartphones offer you the option of storing your data in an encrypted format. If you have not yet done this and your smartphone does offer this encryption technology, then you should encrypt your data before proceeding to the final data erasure step. The advantage here is that your encrypted files can only be decrypted with your secret key or password. This makes it impossible for third parties to recover your data without knowledge of your key.

Overwriting data

For older smartphones whose internal storage cannot be encrypted, this internal storage should be overwritten with non-critical data. To do so, you can simply copy large files containing neutral data onto your smartphone. The various app stores now also offer "shredder" apps. Often, however, it is not entirely clear whether these apps have actually (and adequately) been evaluated for the corresponding device and the operating system that this device is using. How well the app works on a particular device is therefore unknown.

Resetting a smartphone to factory settings

You have now encrypted or overwritten all of your data. You can now perform a factory reset to reset your smartphone back to its factory settings. This command erases all of your user data and apps from the device. The exact name for this command can vary, depending on the device type. If you have questions, contact your manufacturer or pay a visit to your local phone dealer.