Our collective awareness is now sharply focused on issues of third party data collection, surveillance and data exfiltration. This is a welcomed change and long overdue, but government, corporate, or criminal collection of data from our online activities accounts for only part of the overall threat to private or sensitive data.
Physical loss, theft or improper disposal of laptops or removable drives is the most common data breach of electronic personal health information. You need only use the breach tool at the US Department of Health and Human services for a sobering confirmation of just how frequently these collectively occur.
Much has already been written about using file or full drive encryption to protect against surveillance, physical loss or theft. Less attention is paid to improper disposal, but dumpster diving incidents still expose thousands of individuals to personal identifying or health data disclosure (1, 2), as do resale of laptops or drives on auction sites.
Criminals are quite comfortable with and routinely use encryption to obfuscate malware. They also employ encryption in ransomware (CryptoLocker). Your encrypted data are vulnerable, too: once physical possession of a drive is obtained, time favors the criminal or attacker. If he feels the improperly disposed data are sufficiently valuable, he can try commercial or custom software to recover encrypted data.
Encryption is good, and without question raises the bar for protecting data. Secure erase raises it further. Secure erase "writes over" the actual contents of your volume, not just the "metadata" that describes them. Only degaussing or data destruction are more effective.
Securely erasing drives before disposal makes sense and it’s easy to do using Disk Utility's Erase feature on a Mac. Backup whatever data you want to keep, and choose one of the following options.
Securely Erase MacBook Internal Drives
If you want to securely erase the internal drive of a MacBook before you sell or trash it, you’ll have to (a) boot Disk Utility from a Mac OS X Installation DVD for versions up to and including 10.6 or (b) boot the utility from the OS X Recovery Partition. Both of these are very neatly explained at MacTip.net.
Securely Erase Removable (USB) Drives
To securely erase a removable pen/thumb drive or external drive from a MacBook, connect the drive and run Disk Utility directly from Mac OS X.
I use the USB option when I retire PC laptops, too, by removing the internal drive and mounting it in a USB drive enclosure as shown in (4). It's often not necessary to retire a laptop and everything in it at the same time. Drives may outlast a laptop’s utility, especially if an expensive component other than the drive fails or is damaged. And if the drive does fail, I suggest you either keep it or destroy it.
Should I Bother?
If you have drives or removable media on which you've stored personal identifying information, healthcare information, sensitive business data, confidential or classified data, whether yours or others, you should at least encrypt these data. Secure erase may seem like overkill, but all you're investing is a few minutes to configure Disk Utility. The rest is simply a matter of devoting idle CPU cycles to an effective privacy measure.
Comments
You can follow this conversation by subscribing to the comment feed for this post.