5 myths about data erasure (and why erasing is not enough)
Erasing feels final, but that feeling is often wrong. A file in the recycle bin, a formatted disk or a phone after a factory reset looks empty while the data is still there. These are the five myths about data erasure we meet most often, with what actually happens in each case and why physical destruction is the only real certainty.
The quick answer. Erasing usually removes the reference to your data, not the data itself. As long as the bits sit physically on the medium, they can be recovered with the right software. Only overwriting to a recognised standard or physically destroying the medium removes that risk, and only a certificate makes it demonstrable afterwards that it happened. Below we debunk five stubborn myths.
Myth 1. Throwing a file away means it is gone
You drag a file to the recycle bin, you empty the bin and it seems to vanish. In reality the system has only deleted the reference to the file and released the space for reuse. The content stays on the disk until something is written over it, and that can take days or months. Free undelete software recovers such files with ease, especially on a disk that is still in heavy use. You see the same misconception in the cloud, where the delete button is an instruction and not a destruction. What really remains there in backups and replication is covered in really deleting cloud data. An empty recycle bin is therefore no proof that data is gone.
Myth 2. Formatting wipes everything
Formatting sounds thorough, but the standard quick format does little more than lay down a new table of contents. The old data stays in the sectors, only the signpost to it has gone. Recovery software ignores that missing index and reads the sectors directly, bringing whole documents, photos and databases back to the surface. A full format that overwrites every sector goes further, but many people choose the quick variant without knowing it. And even a clean overwrite pass is not reliable on every medium, as the next myth shows. Formatting therefore gives a clean feeling without the certainty you think you are buying.
Myth 3. One overwrite pass is enough, even for an SSD
On a classic hard drive the idea largely holds, because a single clean overwrite pass makes the original data practically unrecoverable there. On an SSD that logic falls apart. An SSD spreads writes across its memory cells to even out wear, known as wear-levelling, and also holds part of the capacity aside as a reserve, the over-provisioning. When you think you are overwriting a block, the controller often writes to a fresh cell instead and leaves the old cell with your data untouched. The operating system cannot see those hidden cells, so a software overwrite pass never reaches them. Why overwriting on an SSD falls short in principle is set out in destroying SSDs: why overwriting fails. For an SSD, physical destruction is the only truly sure route.
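A toy model of the contrast described above, as an added example that is not part of the original article: the same single overwrite pass is run against a direct-mapped drive and against a drive with a flash translation layer, and then every physical page is audited. `ToyHDD`, `ToySSD`, the page-selection policy and the sample data are constructed assumptions (the model needs at least one spare page), and real controllers differ in detail.

```python
ZERO = b"\x00" * 8
# Constructed sample data, one value per logical block.
SAMPLE = [b"invoices", b"contacts", b"payroll!", b"passwrds"]

class ToyHDD:
    """Direct mapping: logical block N is always physical sector N."""
    def __init__(self, logical_blocks=4):
        self.logical_blocks = logical_blocks
        self.pages = [None] * logical_blocks
    def write(self, lba, data):
        self.pages[lba] = data            # overwrites in place
    def read(self, lba):
        return self.pages[lba]

class ToySSD(ToyHDD):
    """Toy flash translation layer with spare (over-provisioned) pages."""
    def __init__(self, logical_blocks=4, spare_pages=2):
        self.logical_blocks = logical_blocks
        self.pages = [None] * (logical_blocks + spare_pages)
        self.wear = [0] * len(self.pages)
        self.map = {}                     # logical block -> physical page
    def write(self, lba, data):
        live = set(self.map.values())
        # Wear-levelling: least-worn page that holds no live data. Reusing a
        # stale page stands in for the controller's erase-before-program.
        free = [p for p in range(len(self.pages)) if p not in live]
        target = min(free, key=lambda p: (self.wear[p], p))
        self.pages[target] = data
        self.wear[target] += 1
        self.map[lba] = target            # previous page is now stale, not erased
    def read(self, lba):
        return self.pages[self.map[lba]]

def experiment(dev):
    """Fill the device, run one overwrite pass, then audit both views."""
    for lba, data in enumerate(SAMPLE):
        dev.write(lba, data)
    for lba in range(dev.logical_blocks):  # the single overwrite pass
        dev.write(lba, ZERO)
    logical_clean = all(dev.read(l) == ZERO for l in range(dev.logical_blocks))
    # Physical audit: every page, including ones the OS cannot address.
    remnants = sorted(d for d in dev.pages if d not in (None, ZERO))
    return logical_clean, remnants

if __name__ == "__main__":
    print("HDD:", experiment(ToyHDD()))
    print("SSD:", experiment(ToySSD()))
```

Both devices read back as all zeros through the logical interface; only the physical audit shows that the modelled SSD still holds two of the four original blocks.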
Myth 4. A factory reset wipes my phone completely
A factory reset returns your phone to its starting state, but whether that also makes all data unreadable depends on the device. Modern devices are encrypted by default, so a reset throws away the key and the data becomes unreadable in practice. Older or cheaper devices without strong encryption often clear only the references on a reset, after which forensic software recovers remnants of photos, messages and accounts. You rarely know in advance which category your device falls into. A step-by-step guide per platform and the cases where erasing is not enough are in safely wiping an old phone. If the device holds sensitive or business data, physical destruction is the safe choice.
Myth 5. Erasing and destroying are the same thing
This is the myth beneath the myths. Erasing makes data unreadable through software and always depends on the medium, the method and whether it truly worked. Destroying makes the medium itself physically unusable, so there is simply nothing left to recover. The difference is not only technical but also legal, because the GDPR asks for demonstrability. An erased disk you give away stays a risk you cannot prove you covered. A destroyed disk with a certificate is a closed file. The distinction between erasing and destroying, and what the NIST 800-88 standard says about it, is worked out in wiping versus destroying a hard drive.
What does work: destroying with a certificate
The common thread through all five myths is that erasing depends on factors you rarely fully oversee. Physical destruction removes that uncertainty, because a shredded or crushed medium can no longer be read. Two standards give a firm footing here. NIST 800-88 has the levels Clear, Purge and Destroy and describes when software erasure suffices and when the medium must go into the shredder. DIN 66399 translates destruction into concrete particle sizes per protection class. How the two relate to each other is in NIST 800-88 versus DIN 66399. Which method suits a hard drive best, from degaussing to shredding and crushing, we compare in degaussing, shredding or crushing.
Close it off with proof. A certificate of destruction with the date, quantity and the level applied is your proof towards the regulator and your own file. Without that paper you cannot demonstrate what was destroyed, when and how, and it is exactly that demonstrability the GDPR asks for.
How to do it right in 5 steps
- Assume the worst case and treat every medium as if the data can be recovered.
- Erase only where erasing provably works, preferably on an encrypted medium.
- Destroy SSDs and phones physically instead of trusting an overwrite or a reset.
- Choose the right level to NIST 800-88 or DIN 66399.
- Ask for a certificate and record the destruction in your record of processing.
Have data carriers destroyed instead of erased?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Frequently asked questions
Is a file in the recycle bin really gone?
No. Emptying the recycle bin removes only the reference to the file, not the content itself. The bits stay on the disk until they are overwritten, and until then they can be recovered with free undelete software.
Does formatting or a factory reset wipe all data?
Not fully. A quick format and many older factory resets mainly clear the index, not every sector. Without encryption or a controlled overwrite pass, chunks of data remain that can be reconstructed.
Why is wiping an SSD unreliable?
Through wear-levelling and over-provisioning an SSD moves data across spare cells the operating system cannot see. A single overwrite pass never touches those hidden cells, so remnants stay behind. For an SSD physical destruction is the only sure method.
What is the difference between erasing and destroying?
Erasing makes data unreadable through software and depends on the medium and the method. Destroying makes the medium itself physically unusable, so there is nothing left to recover. Only destruction with a certificate is demonstrable.
Conclusion
The five myths share a common flaw. They confuse a clean screen with a clean medium. The recycle bin, the quick format, the overwrite pass and the factory reset each leave data behind that returns with the right software, and on an SSD even overwriting is unreliable. Whoever wants certainty destroys the medium physically at the right level to NIST 800-88 or DIN 66399 and keeps the certificate as proof. Then data erasure is no longer an assumption but a closed file.
Have data carriers collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.