How to get properly rid of confidential data?

Have you ever bought a used laptop on ebay? Try it and you might not only get (hopefully) functional hardware, but also a bunch of personal files, intriguing photos, sensitive documents, etc. Not everybody worries enough to clean the local hard disks properly before selling their equipment or giving it away. So the next owner of the hard disk can comfortably crawl through the remaining data, and use it at his or her convenience...

 

In fact, properly cleaning a hard disk is difficult! Deleting local files or formatting the hard disk usually just purges the files from being listed in the folder, but the actual data remains intact on the hard disk. Freely available tools can easily reconstruct those files and, thus, expose it. It is better practice to get rid of your files by running tools like “shred” on the Linux platform (try “shred –fuvzn1 [FILENAME]” or check “man shred” for details), or “File Shredder” from CNET for the Windows operating system. Both tools overwrite files with random bytes such that it is close to impossible to reconstruct the data afterwards. However, if you cannot run those tools (for example, because the disk is broken), it is best to destroy the hard disk. At CERN, this is the recommended procedure for (broken) disks containing confidential or sensitive data (see the CERN Data Destruction Policy).

So don’t be negligent if you run a service at CERN that stores confidential data such as financial, medical or personal information. Never allow such hard disks to leave the Organization, e.g. for maintenance reasons. Furthermore, ensure that your hard disks are properly destroyed once you phase out the corresponding PC hardware. The Computer Security Team, in collaboration with the IT Computer Centre Operation Team and the GS Logistics Service, can collect your hard disks and magnet tapes which hold confidential data. These are then stored in a sealed container situated in the Computer Centre (Building 513) and regularly emptied by a company specializing in the safe destruction of hard disks.

Take advantage of this service for the sake of confidentiality – and at zero cost! If you would like to safely get rid of your hard disks and tapes (or laptops or USB sticks), please bring them to the operator's desk in the CERN Computer Centre (building 513).

For further information, check our web site or contact us at Computer.Security@cern.ch

by Computer Security Team