[This blog post is excerpted from a fuller article published in In Brief and available here.]
If you have old computers and other office equipment laying around in your law office or home, there is a good reason they are still with you and not in the dumpster. This article will discuss why you should be concerned about the data in your devices and the proper way to dispose of them.
Why it mattersOregon Rule of Professional Conduct 1.6(c) requires lawyers to take reasonable steps to prevent the inadvertent disclosure of or unauthorized access to client information. To comply with this rule, you need to make sure client data stored in your computer and other media aren’t compromised when you get rid of the devices. This requires you to ensure that data stored on these devices cannot be reconstituted after they leave your control. It’s necessary that you permanently wipe data from the devices before donating or recycling them. Disposing of office equipment or devices without first permanently deleting data is an ethical and malpractice risk.
Deleting files is not enoughWhen you delete files on your computer and then empty the recycle bin, that operation does not permanently erase the files. You can’t see the files anymore, but they are still in the operating system. The files aren’t completely gone until you override the space with something else. Even reformatting or partitioning the hard drive will not permanently delete data. That task only erases the location of the data, but not the data itself. You need to do more. Unless data on your computer are permanently deleted, they are recoverable using a low-level disk editor or a recovery tool.
Options for permanent data erasureYou have two ways to completely destroy data: (1) use specialized software to overwrite the data; or (2) physically destroy the hard drive.
Using data sanitization softwareSpecialized software tools permanently delete files from your computer by overwriting the information with random data. When this “data sanitization” method is used, overwritten data can never be un-deleted with a file recovery tool. Software that permanently delete selected files are called file shredder programs. Software that completely erase the entire hard drive, not just selected files, are called data destruction programs.
Whether you should use a file shredder program or data destruction program depends on your needs. If you’re looking to recycle, refurbish, or donate your computer, then use a data destruction program to completely wipe the hard drive. If you’re still using your computer but want to permanently delete unwanted files, then a file shredder program is appropriate.
Here is a sample list of free file shredder and data destruction programs for Windows.
- File shredder programs: zDelete (www.zdelete.com), Eraser (https://eraser.heidi.ie) and Freeraser (www.freeraser.com). Other programs: Securely File Shredder, File Shredder, Secure Eraser, WipeFile.
- Data destruction programs: DBAN (Darik’s Boot and Nuke) (https://dban.org); HDDErase (https://www.lifewire.com/hdderase-review-2619137); CBL Data Shredder (www.cbldatarecovery.com/data-shredder). Other programs: KillDisk, MHDD, Format Command with Write Zero Option.
Physically destroying the hard driveYou can also permanently destroy your hard drive by brute force. You’d need to open the computer to locate the hard drive. You’d want to access the disk platter inside the hard drive. It is the platter (the device that stores most of data on your computer) that you need to physically destroy. Take the drive outside and use a hammer to smash it to pieces. You could also drill a few holes in the platter just to be safe. Once the drive is physically obliterated, take the parts to any place that recycles electronics.
Alternatively, take your computer to an electronic recycling facility to physically destroy the hard drive. Some vendors allow you to witness the onsite destruction. Two vendors in the Portland Metro area provide this service:
2950 NW 29th Avenue
Portland, OR 97219
10105 SE Mather Road
Clackamas, OR 97015
Additional steps are also required to permanently delete data from office equipment as well as data stored in the cloud, smartphones and tablets. That information is discussed in the full article in In Brief.