To Order, Call Sales (888) 236-9501
 
 

Technology Articles

The Hard and Soft of Deleting Data, Part I

Don't Let Data Come Back to Haunt You

By: Robert H. Spencer, PhD
Intuit ProConnection Really Simple
You can bring these articles to your desktop as soon as they are published.


Already a ProConnection subscriber?
Update your profile and personalize your ProConnection experience.
Update your profile

Not a subscriber yet?
Sign up now for free and start receiving customized newsletters directly to your inbox.
Sign up now

Bob Spencer In its most recent study as of press time, the U.S. Environmental Protection Agency (EPA) reported that between 26 and 37 million computers came to the end of their life cycles in 2005, and that's just desktop and laptop computers. Add in peripherals, servers, and other computer storage devices (which the EPA tracks separately) and the number is much higher. 1



An article published by IBM in late 2006 relied on those higher numbers to report that the United States discards 250 million computers every year.2

When improperly thrown out, computers endanger the environment. And another serious issue is that much of the sensitive data stored on the systems hard drives is unprotected. Even if users studiously delete files or even format the hard drives first, smart thieves can often recover sensitive files.

That's why you need to think about best practices for both the software and the hardware aspects of deleting sensitive files. We'll start with the software part of the equation: the data or file side.

The Data Side of Deleting Data

Most computer systems store sensitive information on local hard drives, and discarded computers are no exception. The data is in the form of easily recoverable files or file remnants. This is trash that could quickly become a treasure to someone else.

The Law May Not Be On Your Side. While you might think it would be illegal for someone else to read your information, reading someone else's data is not necessarily illegal. The IBM article notes that a 1998 U.S. Supreme Court ruling means that we waive most of our rights to privacy when we discard materials. In other words, if you leave "it" on the curb, or throw "it" away, "it" is fair game for anyone else to retrieve. So the burden to protect sensitive information remains with you and your clients.

So, how do you protect yourself? To understand the risk, it helps to review what happens when you delete a file, and why sometimes even the entire file may be brought back to life.

Why Hitting the Delete Key Is Not Enough

Many of you know some or most of these issues relating to file deletion, but let's take them in order.

  1. When you delete a file, the operating system "flags" the file as no longer needed and lets the file handler know that this space is now available to be used for new data. The old data that is still stored across the surface of the disk and not actually removed or written over until another program comes along and needs to store something, then the operating system looks for available space and releases to be used in small sections called blocks. Only when all the old blocks of data are written over will all the old data be gone! If you delete a file, the file is listed in the Trash Can (Mac) or Recycle Bin (Windows), but these files are not deleted and the space made available to be used until you actually elect to "empty" the icon.
  2. Emptying the Trash Can or Recycle Bin marks the file space as available for; remember, the data is not actually removed. Typically, what happens is that the operating system flags the directory file entry that the space is now available and will use that space as it is needed for new files.3


    3. Deleting a file does not really erase the information; it merely erases pointers to the information.


  3. But even if the old file directory space is reused, the old data is still distributed over the hard drive in small pieces called blocks, until a new file overwrites all the blocks of data that make up the deleted file. Up to that point, the entire file or pieces of the file can be easily recovered. There are a number of free downloadable utilities, which can be used to recover some or all the data blocks of supposedly deleted files. There are also utilities that can be used to not only delete a file entry in the directory but to write over the data blocks themselves to make recover much more difficult.

Many of your clients do not realize that when they delete a file, they are only putting it into an electronic limbo. From that limbo, they can be retrieved by skilled computer criminals, curious minds, or perhaps computer forensic specialist.

Utilities to Undelete Files

A quick web search will provide you with a number of free utilities to undelete files. Utilities such as these are used to recover lost files, as well as to find out what people have been doing and to recover supposedly deleted files from discarded computers.

Figure 1 shows a screen from one such utility, in this case FreeUndelete.

FreeUndelete1.0

Figure 1. Example of Delete Utility

Best Data Practices

So how do you protect yourself? How can you safely remove expired data? While reformatting the hard drive makes it harder to access files, this method is really just a more advanced way to obscure information that still remains on the computer. Data-wiping utilities that overwrite hard drives with random binary numbers may be more effective, but can be time consuming. As we discuss in the disposal of hardware article, the most effective method is to remove the hard drive take out the data disk and smash it pieces. This not only ensure the destruction of the data stored on the drive, but many report that the exercise is personally rewarding. (My feeble attempt at humor, but true.)

When you consult with clients, agree on an acceptable level of security when it comes to deleting data. Clients may look to you for your recommendation. It is not always necessary to physically destroy the disk when disposing of a system, but potentially wise. If you know the system is to be recycled and that someone may later use the hard disk, one of the DOD compliant data removal utilities should be ran against the drive. We have listed a few of these below.

Many companies find a safe harbor in relying on programs that meet the minimum Dept. of Defense guidelines. For reference, visit the website for the National Industrial Security Program Operating Manual (publication DoD 5220-22-m) to download guidelines in PDF or RTF format. Or search for other sites to find a full or abbreviated version.

Programs That Help You Erase Disk Drives

Reformatting software programs that comply with government accepted standards include

More options can be found at shareware sites like Shareware Connection or Shareware.com.

Beyond DOD Standards. For some, these guidelines may not be stringent enough. Be prepared to encounter stricter guidelines for clients who deal in highly secretive data or are concerned about loss of intellectual property.

Next. In Part II, we discuss what you need to know about disposing of hardware even after deleting files.

Notes

  1. EPA Fact Sheet: "Management of Electronic Waste in the United States," [PDF] U.S. Environmental Protection Agency Draft Report [EPA530-D-07-002], November 2007, Table 1 (7). Including other peripherals and other electronics like cell phones and printers, and the units jump to 250 to 347 million. This works out to 1.9 to 2.2 million tons of equipment.
  2. IBM, "In Focus: Recylcling PC Equipment Can Turn Trash into Cash," November 1, 2006. Content is © Copyright IBM Corporation 1994, 2008. All rights reserved.
  3. The process is a bit more complicated. A quick tutorial on file deletion and overview of how Windows uses file allocation tables is at Gabriel Torres, "How to Really Delete Your Files," May 11. 2005, Hardware.com.

Dr. Bob Spencer is an internationally recognized writer, lecturer and consultant. You may e-mail him drbob@tsif.com, or visit him at Twenty Seconds In the Future.

Last Updated: 04/02/2008


 
 
© 2009 Intuit Inc. All rights reserved. Intuit, the Intuit logo, QuickBooks, ProSeries and Lacerte, among others, are registered trademarks and/or registered service marks of Intuit Inc. or one of its subsidiaries. Other parties' marks are the property of their respective owners. Terms, conditions, features, pricing, support and service are subject to change at anytime without notice.
 
Accounting Solutions
QuickBooks Products for Accountants
QuickBooks ProAdvisor Program
QuickBooks Premier Accountant Edition
Intuit Statement Writer
Intuit Payroll Solutions
QuickBooks Solutions for Your Clients
 
ProSeries Tax Solutions
Professional Tax Software
Professional Tax Resources
Tax Document Management
E-File Resources
More Tax Practice Management Tools
Lacerte Tax Solutions
Professional Tax Preparation Software
Professional Tax Software Resources
Tax Document Management
Tax Analysis Software
More Tax Practice Management Tools
 
More Products & Solutions
Tax & Accounting Solutions for Your
Whole Firm
Intuit ProConnection Newsletter for Accounting & Tax Professionals
Intuit Product Discounts
Accept Credit Cards, Checks & More
Intuit Product Resources for Educators
Tax Professionals Wiki
More Tax & Accounting Productivity Products
More Tax & Accounting Services
 
Training Resources
QuickBooks Certification
Tax & Accounting Software Training
QuickBooks Accounting Software Training
Lacerte Tax Software Training
ProSeries Professional Tax Software Training
Additional Resources
Community
Support