Ohio University

Erasing Data from Devices

The process of securely erasing data from a device is referred to as sanitizing digital media. This is an important step in the proper handling of sensitive data stored on computers, USB drives, phones, etc. When these storage devices reach the end of their useful life, the sensitive data needs to be removed or destroyed.

There are three methods of erasing data from a device: clearing, purging, and destroying. The sensitivity of the data on the device determines which method of removal should be used. After classifying the sensitivity of your data, refer to Ohio University's Media Sanitization Standard to determine which data removal method is required and how to do it. If the data is classified as high sensitivity, it is recommended to document the details of the storage device and method of data removal for your records. For a template, refer to the Certificate of Media Sanitization form or the Batch Certificate of Sanitization form for multiple devices with medium- to low-sensitivity data.

The department or individual responsible for the sensitive data must ensure that the data is securely removed from the device before it leaves their control. Similar to how you would shred paper containing sensitive information, digital media has a few options for rendering data unreadable. Please note that HIPAA covered entities must follow the Standard for HIPAA Destruction-Disposal of Patient PHI, which includes labeling the media as PHI and coordinating with OIT for destruction.

Data Removal Methods

There are three different methods used to erase data from devices:

  • Clearing. Clearing data is the most common sanitization method. It prevents data from being retrieved, aside from advanced technology used in laboratory settings.
  • Purging. Purging data prevents the information from being feasibly recovered even in a laboratory environment.
  • Destroying. Destroying data renders the information unrecoverable and hinders the media itself unusable.

Recommended Removal Methods by Data Sensitivity

Removal Method

Low Data Sensitivity

Medium Data Sensitivity

High Data Sensitivity

Clearing

Recommended

Required

Required

Purging

Optional

Recommended

Required

Destroying

Optional

Optional

Required