Data Protection Authority Recommendation on data sanitisation and data medium destruction techniques Information media erasure and destruction guide | Version 1.01 - 23/03/2021 1 1 WARNING: This document is intended to provide additional explanation to the rules in force and does not exempt the controller from its obligations and responsibilities under the GDPR and other applicable texts. Considering its requirements and the risk analysis that it carries out or plans, it shall use one or the other tool and method, given in particular the evolution of knowledge and technologies. The different tools and brands cited in this document are cited for the sole purpose of providing examples. The Authority makes no representation as to their compliance with the GDPR and other regulations or as to their quality and performance. Information media erasure and destruction guide | Version 1.01 - 23/03/2021 2 2 TABLE OF CONTENTS Summary ............................................................................................................................................................................. 6 1. Introduction ..................................................................................................................................... 7 Limitations ................................................................................................................................................................... 9 Target audience...................................................................................................................................................... 10 Objectives .................................................................................................................................................................. 10 2. Preliminary principles and concepts ...................................................................................... 11 2.1. Information classification and inventory .......................................................................................... 11 2.1.1. The type and categories of data on the medium ................................................................... 11 2.1.2. The nature and characteristics of the medium ..................................................................... 12 2.2. Processing steps ........................................................................................................................................... 13 A. Policy (security and confidentiality) ...................................................................................... 13 B. Inventory ........................................................................................................................................................ 14 C. Risk analysis ................................................................................................................................................ 14 D. Security measures ................................................................................................................................. 15 E. Assessment .................................................................................................................................................. 15 F. Documentation .......................................................................................................................................... 16 G. Example ........................................................................................................................................................... 16 2.3. In the best of all worlds.............................................................................................................................. 17 3. The different methods and techniques ................................................................................. 18 3.1. Introduction ...................................................................................................................................................... 18 3.1.1. Important details ..................................................................................................................................... 18 3.1.2. Three levels of confidentiality ........................................................................................................ 18 3.1.3. Processing not supervised by the controller ........................................................................ 20 3.2. The data medium is retained ................................................................................................................ 20 3.2.1. Erasure - overwriting ........................................................................................................................... 20 3.2.1.1. Clear level - Third party software ........................................................................................ 22 A. Magnetic hard drives ........................................................................................................................... 22 B. Flash memory media ............................................................................................................................23 ATA or SCSI Solid-State Drives (SSD) .......................................................................................................24 USB keys .................................................................................................................................................................... 25 C. Important points ..................................................................................................................................... 25 3.2.1.2. Purge level - Integrated commands ................................................................................. 25 A. IDE/ATA magnetic hard drives .................................................................................................. 26 ATA commands - details .................................................................................................................................. 26 Secure Erase - confusion .................................................................................................................................. 27 B. Magnetic SCSI hard drives ............................................................................................................ 28 C. Common notes for ATA and SCSI hard drives ............................................................. 28 Information media erasure and destruction guide | Version 1.01 - 23/03/2021 3 3 D. Solid State Drives (SSD) .................................................................................................................. 29 3.2.2. Anonymisation ....................................................................................................................................... 30 3.2.3. Degaussing ............................................................................................................................................... 30 3.2.4. Cryptographic erase (crypto-erase - CE) ................................................................................. 31 3.2.4.1. Integrated commands...............................................................................................................32 3.2.4.2. SEDs ....................................................................................................................................................32 3.2.4.3. Security vulnerabilities of SEDs ......................................................................................... 33 3.2.4.4. Important points ......................................................................................................................... 33 3.2.4.5. Risks .................................................................................................................................................. 34 Ideal situation .......................................................................................................................................................... 35 3.3. The data medium is destroyed ............................................................................................................ 35 3.3.1. Segmentation of techniques ............................................................................................................. 35 3.3.2. Physical deformation ............................................................................................................................ 36 3.3.3. Shredding, crushing and disintegration.......................................................................................37 3.3.3.1. Shredding .........................................................................................................................................37 Solid State Drives - SSDs ................................................................................................................................. 38 3.3.3.2. Crushing .......................................................................................................................................... 38 3.3.3.3. Disintegration ............................................................................................................................... 39 3.3.3.4. Notes ................................................................................................................................................. 39 3.3.4. Incineration ................................................................................................................................................