Disposal of Media Containing Protected Data

When disposing of media containing UH Sensitive or Regulated data, the custodian must ensure that information is unrecoverable. For specific guidance, please refer to the following NIST Special Publication: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Digital Deletion / Clearing

Secure Overwrite

Prior to using any of the tools listed below, backup any data that you would like to retain.

Note: Full-drive erasing tools can only be effectively used on Hard Disk Drives (HDD). Solid State Drives and other flash storage media will need to use enterprise(Blannco, Parted Magic, etc.), or manufacturer provided tools(Samsung Magician, Seagate Seatools, etc.). Full disk encryption tools such as Bitlocker and FileVault along with a reformat of the drive can be done instead to render the data unreadable (Cryptographic Erase).

Individual File Erasure Tools

Secure Deletion Tool macOS Windows 10 Linux Description
Spirion X X Spirion (Formerly Identity Finder) is provided by ITS as a tool to scan for Personally Identifiable Information (PII) and can be used to securely delete individual files containing using a secure overwrite feature.
Eraser X Free open-source software to securely erase individual files/folders.
sDelete X Native Windows command line utility that can be used to delete individual files/folders.
srm X A linux command that is available as part of the secure-delete suite to securely delete individual files. To use srm, you may need to install the secure-delete suite with your linux distribution’s package manager. Please note that there are limitations for NFS & Raid.

Full Disk Erasure Tools

Secure Deletion Tool macOS Windows 10 Linux Description
Nwipe/DBAN X X X Free open-source software that securely erases the entire contents of a Hard Disk Drive (HDD) regardless of the Operating System. Needs to be booted from a USB/CD drive. Note: Do not use DBAN to wipe a Solid-State Drive (SSD).
Disk Utility X Native macOS tool that can securely erase the entire contents of a disk via the GUI or command line.

Factory Reset

Perform a full factory reset on devices such as networking equipment, Multi-Function Devices (MFDs), and Internet-of-Things (IoT) devices to reset to factory default settings.

Media Purge

Degaussing

Use a strong magnetic degausser to sanitize magnetic media such as Hard Disk Drives (HDDs). Note: This renders the drive un-useable.

Cryptographic Erase

Utilize cryptographic erase feature on self-encrypted drives to erase cryptographic keys, rendering data unrecoverable. Cryptographic erase can also be performed by utilizing full-disk encryption, then reformatting the disk to render data unrecoverable.

Physical Destruction

Unerasable or Unerased Media

Pulverize or shred hard disk drives, USB removable devices, CDs, DVDs, etc. before physical disposal.

Paper Documents

Paper documents and printouts containing protected information must be shredded before disposal, ideally using a crosscut shredder.

Contracting for Disposal

These requirements may be fulfilled by contracting with a professional disposal firm engaged in the business of record destruction using methods consistent with this policy, provided that the data custodian conducts appropriate due diligence on the company. State law (Hawaiʻi Revised Statutes §487R-2 ) provides that such due diligence may include: reviewing an independent audit of the company; checking references and requiring independent certification; or reviewing the company’s policies and procedures.