Ohio University

Sanitizing Digital Media

Securely erasing digital media

Sanitizing media refers to the process of removing data from a device in a way that there is no reasonable way to recover it. This is an important step in ensuring that proper handling of sensitive data stored on computers, USB drives, phones, etc. is maintained through the lifecycle of those devices. When these storage devices reach the end of their useful life the sensitive data needs to be removed or destroyed.

The sensitivity of the data will determine the sanitization method required. After classifying the sensitivity of your data, you can refer to our Media Sanitization Standard to determine which method you will need to use and how to do it. If your data is classified as high sensitivity, you should additionally document the details of the storage device and sanitization for your records. For a template, you can use our Certificate of Media Sanitization form or the Batch Certificate of Sanitization form for multiple medium to low sensitivity devices.

The department or individual responsible for the sensitive data must ensure that the data is securely removed from the device before it leaves their control. Similar to how you would shred a paper containing sensitive information, digital media has a few options for rendering data unreadable. Please note that HIPAA covered entities must follow the Standard for HIPAA Destruction-Disposal of Patient PHI, which includes labeling the media as PHI and coordinating with OIT for destruction.

Sanitization Methods

There are three different methods used in data sanitization:

  • Clearing. Clearing data is the most common sanitization method. It prevents data from being retrieved, aside from advanced technology used in laboratory settings.
  • Purging. Purging data prevents the information from being feasibly recovered even in a laboratory environment.
  • Destroying. Destroying data renders the information unrecoverable and hinders the media itself unusable.

Digital Sanitization by Data Type

Sanitization Method

Low Data Sensitivity

Medium Data Sensitivity

High Data Sensitivity

Clearing

Recommended

Required

Required

Purging

Optional

Recommended

Required

Destroying

Optional

Optional

Required