Summary
We offer secure hard drive disposal and recycling services. The cost per drive depends on the time required to complete the process and the level of security requested. The typical cost is about $40 to $60 per drive to cover time and materials.
There are a few options for recycling and complying with EPA guidelines. Services are available that can physically destroy drives once data is erased. Some services will remove and process individual components and materials to make sure they are properly handled. Another alternative, after a secure erase, is that drives can be used for other purposes.
An industry term people search on is “Drive Disposal” or “Drive Destruction” so this page title includes that common term, but our goal is to pursue best practices with environmental stewardship without compromising data security.
Process
This document describes the multi-step process we use. These steps are written so as to be followed by an individual wanting to accomplish the process on their own. For anyone paying for the service to be done, these instructions provide a summary of the work involved. Having the detailed process made public allows peer review and feedback.
Before Getting Started
Here are some important point to consider before getting started.
- ENCRYPTION — If your computer has encryption enabled (Apple FileVault or Windows BitLocker), then your drive is already somewhat obscured by data recovery attempts. If the drive you need to erase has already been entirely encrypted (full volume encryption) then it will be more secure heading into the sanitation process. Any subsequent potentially recoverable data would be meaningless. They are not ‘in the clear’ text files with readable information. You will still want to follow the instructions on this page, but you will be starting with an extra layer of assurance. Note that having only some files encrypted or part of your drive encrypted doesn’t protect from having old deleted files resurrected from non-encrypted partitions. So, having full volume encryption is important. You could turn on full-volume encryption, and allow it to complete, before continuing with the guidelines on this page.
- DATA REVIEW — It’s helpful to review the data on your old drive or device, and consider if there may be any old deleted files you would want recovered. Document this prior to erasing the drive so you have a good idea of what is being permanently destroyed.
- DEDICATED COMPUTER — If you plan to erase hard drives frequently, it may be helpful to have a dedicated laptop computer and work area for the task. A laptop computer with a hard drive dock and the proper utility software for secure drive erasing can perform the lengthy erasing process without disrupting your other work.
- DRIVE DOCK ERASE — Some drive docks have the ability to initiate the internal self-erase function on drives that have that ability. This makes it possible to have a free-standing dedicated drive sanitation system. If you are performing a subsequent data recovery attempt (recommended) that would need to be done with a computer and data recovery software later.
- EQUIPMENT DISPOSAL — Sometimes a person is erasing the drive on a computer prior to donating, selling, or recycling it. If the drive is not easily removable, you could perform a system restore to erase the drive and reinstall Windows. Then perform an “erase all unused space” option from a computer utility program that offers the feature. This will considerably reduce the chances of anyone recovering any of your old data. It’s probably not sufficient to comply with some industry compliance, but fine for personal purposes.
- EQUIPMENT LOAN — If computers are being loaned out, it is good to have them erased between users. In that way, a legitimate effort to recover files by a subsequent user won’t inadvertently restore files from a previous user.
- EQUIPMENT UPGRADE — If you are upgrading your existing equipment to a new drive, you can perform the steps further down on this page, and then retain your old working drive in an enclosure to be used as a backup drive or other use.
- OFFLINE OPERATION — The computer used for drive erasing does not need to be connected to the Internet. It can either be in airplane mode, or simply not connected to WiFi or Ethernet. This can alleviate concerns about hackers accessing the drives prior to the completion of erasing. A quick erase (simple format / initialize) of the drive initially can make sure the file system is not accessible in the time before the secure erase is completed.
- SOLID STATE DRIVE CONSIDERATIONS — Traditional mechanical hard drives have a drive surface area that is almost entirely accessible and usable in most circumstances. However, solid state drives may have areas of the drive that are not accessible by typical drive erasing methods. There are cache areas of the drive where data may be placed by the drive subsystem. For this reason, some drive erasing software will not even allow a solid state drive to be ‘securely erased’ so as to not mislead anyone into thinking their data is secure. If you have large files, like a graduation ceremony video recording in 4K resolution, then a small scrap of data left on the drive cache will not be sufficient to recreate the entire video. Files with smaller bits of information are more likely to be left behind. Using full-volume encryption can help ensure that all data written to the drive is encrypted.
STEP #1 — Documentation
It is helpful to document the process of drive disposal. If sensitive protected data is involved (healthcare, finance, education, or identity), documenting the proper erasing and disposal is a requirement. Here are some points to consider:
- If you have many drives to erase, you will want to make sure each drive has gone through the full process. Keeping track of each drive is essential. You may want to create a spreadsheet with a row entry for each drive, and columns for the date and time each step was completed, as well as any notes.
- In your documentation, include the “Chain of Custody” to document who has had possession of the drive, places of travel, methods of transport, and methods for securing the drive or drives. This attention to detail can ensure the sensitive data was never unattended and it demonstrates proper handling.
- Because secure drive erasing is irreversible, and drives are similar in appearance, it is important to place a unique identifying label on drives to make sure you are erasing the correct drive.
- If the drives are being removed from computers, take a photo of the computer label and drive label together to document the drive originating source. In the photos, include a visible hand-written note with the date and any summary about what the drive contains.
- Take screenshots of the erase process outcome and final results displayed by the software used.
- Attempt data recovery after erasing and get a screenshot to document the drive was securely erased without any recoverable data.
The goal is to track the complete process and document that the drive has gone through the proper procedure. All of this can demonstrate you did everything possible to ensure the proper protective privacy measures were taken.
If you are following these instructions, print or save them as a PDF. The version number at the bottom of the webpage will document specifically what set of instructions you used based on date and time they were last revised.
STEP #2 — Drive Evaluation
Evaluate the drive to determine if it is readable. If the drive is readable, continue to STEP #3. Here are some points to consider.
- If the drive is in a running computer, then it should be readable. Some drives are readable but have platter surface damage limiting full access to the drive.
- If it is an external drive, plugging it into a computer will allow you to test it.
- Some drives may only be visible and readable on some computers. An Apple formatted drive may appear to not be readable to a Windows computer.
- External USB drives can be evaluated and erased using the USB connection.
- Most desktop and laptop computers have removable drives. Some are easier to remove than others.
- If the storage device is soldered to the main logic board, then it will need to be physically destroyed.
For internal drives, to evaluate the drive and perform the erase process, you will typically need to remove it first.
Once removed, the drive is placed in an enclosure or dock. A small enclosure for 2.5-inch laptop computer drives can be purchased for about $12. [Example] A dock is more universal and can typically accommodate laptop or desktop hard drives. [Examples] The cost may be $30 to $120 depending on brand and features.
If the drive is not readable, it should be drilled and disposed of in compliance with EPA guidelines as described in STEP #5.
STEP #3 — Erase Drive
In this step, the drive is erased using 1-pass or 3-pass method (also called wiping or scrubbing). This step can be conducted by yourself or a skilled technician.
The purpose of doing this in-house or by a trusted partner is to make sure that no data remains on the drive prior to having the drive handed over to an unknown person or entity. This simplifies the “Chain of Custody” to ensure the fewest possible points of failure before the drive is later recycled, reused, or destroyed by shredding, crushing, or drilling. If an unethical party attempts to obtain data prior to drive destruction, they will not be able to.
The 1-pass erase method is good for drives with general data, but nothing confidential. Even with this basic level of erasing, it would be very difficult to recover any data.
The 3-pass method is a DoD (Department of Defense) standard and considered sufficient to make data unrecoverable. The 3-pass method takes more time, but provides more security without much more effort.
Apple computers include a Disk Utility program that has secure drive erasing features. On Windows computers, free utility programs are available for secure drive erasing. [Examples] Or careful use of the command-line format command is an option. [Explained]
Note that free utility programs typically, in themselves, do not provide compliance assurance. Here is a disclaimer included with DBAN, a popular erasing utility: “While DBAN is free to use, there’s no guarantee your data is completely sanitized across the entire drive. It cannot detect or erase SSDs and does not provide a certificate of data removal for auditing purposes or regulatory compliance.”
Depending your needs and application, more costly paid tamper-proof audit-compliance erase systems may be necessary. [Example]
STEP #4 — Attempt Data Recovery
Most people consider the process of drive disposal mostly complete with STEP #3. However, to ensure the data was successfully wiped and is unrecoverable, a data recovery attempt should be made.
It takes many hours to conduct a full deep-scan of the drive, looking for meaningful file data. When the deep scan is complete, after a successful erase, the list of recoverable files and data should be empty.
The free demo version of data recovery software can be used for this purpose. The paid versions are only required to unlock the ability to recover files discovered during a scan.
What we’re looking for in this step is to see if a typical data recovery process might reveal data.
By the completion of this step, we verify that it will be close to impossible (or at least extremely costly) to recover the files from your old drive. There could be equipment and software in existence that, given more time, could find some data. For example, government systems used for data forensics, operating on supercomputers.
STEP #5 — EPA Compliant Disposal
As mentioned in STEP #2, f the drive is not readable or operational, it should be drilled and then sent to Western Digital for EPA-compliant destruction and proper handling of components and materials. [Learn More]
A drive that is functional could be sent to Western Digital or a similar drive destruction and materials recycling service. However, working drives can be repurposed. As they are used by having other data written on them, especially if they are filled to capacity with new data, it will be less likely that any recovery of your old data would be possible.
CONCLUSION
Drive shredding and crushing services like Shred-It can destroy drives for a relatively low cost of about $10 to $20. These companies are supposed to hire trustworthy people who have been properly vetted with background checks. Unfortunately, unscrupulous people sometimes end up working at repair centers and other workplaces where they can access and profit from people’s sensitive data like passwords, banking, and account logins. High profile news stories regularly remind us that these things can sometimes happen. So, following the procedure outlines above helps ensure that no sensitive data leaves your possession.
PRICING
The secure drive disposal procedures described above take time, and typically require special equipment and dedicated computers. Here are some considerations and factors that influence cost:
- If drilling is done, special hardened bits are required. These eventually wear out after multiple uses and need to be replaced.
- The computers dedicated to the erasing process will be running non-stop for extended periods of time. Components like fans and power supplies may wear out over time if continually performing drive erasing.
- The process needs to be monitored and periodically checked by a person to ensure it is completing properly.
- In STEP #4 of this process, a full data recovery attempt is performed. This is a service that on its own can cost hundreds of dollars and is very time consuming. Given that the drive should be erased at that point, and no files are recoverable, there’s less work involved, but the full recovery process is performed as it might be later by someone trying to find data on the drive.
- Small fast drives take less time. High capacity drives take more time.
- Older drives generally require special adapters to connect and read.
- In some cases, an older computer may be required to erase an older hard drive. A working hard drive from a non-working 1991 Macintosh Classic computer would require a working vintage Macintosh Classic computer from that era to read and erase the drive securely. With older operating systems, it’s possible that software doesn’t exist for secure drive erasing. It would be necessary to replicate a sizable collection of temp files by copy and paste. Using numbered folders and duplicating them, one can fairly quickly fill up an old drive with data. The previous data is mostly overwritten. Then the drive can be restored.
- In some circumstances, a person may want files recovered from an old hard drive or computer system to have those files put on a more modern accessible drive. Then the old drive needs to be securely disposed of.
All of the above considerations impact the overall cost of secure drive disposal.
Feedback
If you have comments or suggestions for improving these instructions, please contact us. [Contact] Your feedback will help shape and improve this document.
Document History
Updates to this document are listed below in chronological order with the most recent at the top.
- 23 Feb 2022 at 5:00 PM CT — In the “Before Getting Started” section, the following topic entries were added: Dedicated Computer, Dock Erase, and Offline Operation.
- 21 Feb 2022 at 8:50 AM CT — The document was initially posted online.