How do you usually delete a file? Chances are that you simply select the file and then click "delete". Though this may be sufficient to clear up some storage space, deleted files are often still retrievable. This can be a good thing if you want to retrieve a file you deleted by mistake, but it also means that deleted files are still vulnerable to attacks. For this reason, additional steps should be taken to delete files that contain sensitive data, including personally identifiable information (PII) like social security numbers, banking or credit card information, medical or student records, or other sensitive institutional data.
This article outlines what steps you should take when you need to delete a file with sensitive information in relation to your work at Dartmouth College.
When should I delete files?
What happens to deleted files?
Once removed from trash or a recycle bin, are files gone forever?
Choosing a solution to securely delete files
Destroying a hard drive or removable storage device
Deleting files on cloud storage
To start, it is important to note that if you have been directed to preserve data, you should not delete it. Dartmouth's Records Retention and Destruction Policy, along with your department's data retention policy, should help you determine when it is appropriate for data to be deleted.
A deleted file is often sent to a trash or recycle bin. These are essentially holding areas for files, allowing you to restore a deleted file if needed. Sometimes these will automatically empty after a certain amount of time (for example, Google Drive automatically deletes files in a user's trash after 30 days, while SharePoint automatically deletes files in a user's recycle bin after 93 days), but sometimes you will have to manually empty your system's trash or recycle bin. If you are putting sensitive files in trash or a recycling bin, it is important to ensure these are emptied on a regular basis.
When you clear your trash or recycle bin, these files become much more difficult to access using ordinary methods. However, when you delete files from a hard drive or removable storage, the files still remain in hidden areas that can be uncovered with deep scanning software. The only way to completely remove the files is by overwriting these areas with new content. Though adding new files to your device can help with this, there are a number of software programs designed to complete this task more quickly and effectively.
When choosing a software program to effectively overwrite your hard drive or removable storage, look for the following characteristics:
- The program should run a "Secure Erase" command, which overwrites all areas of the system, including areas not being used.
- The program should add multiple layers of data by running several passes (three to seven, depending on the sensitivity of the data) over your system.
- The program should use random data to overwrite the system (as opposed to easily identifiable patterns).
- The program should use zeros in the final layer/pass to add an additional level of security.
To ensure you find a program that includes these characteristics, you can search for programs that are compliant with NIST SP 800-88 Guidelines for Media Sanitization. Compliant programs include Dell Data Wipe (for Dell devices only), BitRaser, and Blancco. If you are using a Mac device that is equipped with an SSD (solid state drive), you can follow these steps to securely erase the SSD.
If your concern is more for specific files rather than an entire hard drive or removable storage device, some programs give you the option of overwriting individual files.
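The pass structure described above (several passes of random data, then a final pass of zeros), applied to a single file, is shown in the following added example; it is not taken from any of the programs named in this article. The function name `overwrite_file` and its parameters are hypothetical, and it assumes the zero pass is counted in addition to the random passes.

```python
import os
import secrets

CHUNK = 1024 * 1024  # write 1 MiB at a time so large files do not exhaust memory


def overwrite_file(path, random_passes=3, remove=True):
    """Overwrite a regular file in place, then optionally delete it.

    Writes `random_passes` passes of random bytes followed by one pass of
    zeros, forcing each pass to disk before the next one starts.
    Returns the total number of passes written.
    """
    if random_passes < 1:
        raise ValueError("at least one random pass is required")
    # Refuse symlinks, directories and missing paths so only the intended
    # file's own blocks are touched.
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError(f"not a regular file: {path}")

    size = os.path.getsize(path)
    # secrets.token_bytes(n) -> n random bytes; bytes(n) -> n zero bytes
    generators = [secrets.token_bytes] * random_passes + [bytes]

    passes = 0
    with open(path, "r+b") as f:  # r+b: write in place without truncating
        for make_chunk in generators:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(make_chunk(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass out of the OS cache
            passes += 1

    if remove:
        os.remove(path)
    return passes
```

In-place overwriting of this kind is only dependable on traditional hard drives; SSDs, flash drives, copy-on-write or journaling file systems, and cloud-synced folders can keep older copies of the data in locations the file path no longer reaches.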
No matter what method you use, always make sure to back up important data before beginning the data overwriting process!
Below is a list of some steps you can take to completely destroy a hard drive or removable storage device containing sensitive information. Please note that these steps should only be taken for hard drives or removable storage devices that you never intend to use again.
- Physically destroying the device (e.g. shattering a CD or DVD, smashing a thumb drive with a hammer, etc.)
- Using a hardware device that destroys CDs or DVDs by destroying their surface (e.g. shredders designed to shred CDs and DVDs)
- You can also have the Dartmouth College Records Management department assist with the disposal of media containing PHI and PII.
Depending on legal obligations and your department's data retention policy, you may need to have a record of data that you have destroyed. This can be achieved with a Certificate of Destruction. A sample template for a Certificate of Destruction is included as an attachment for this article.
Different cloud services will have different standards for purging files. For files you want to permanently delete from a cloud drive, you should look up the data purge policy for that specific service. For example, Google Drive administrators can still retrieve a file within 25 days after a user deletes it from their trash. After 25 days, Google purges those items and they can no longer be restored.