HomeKnowledge base › 7 data carriers you cannot throw away
Data carriers

7 data carriers you cannot just throw away

Old hard drives, USB sticks, tapes and phones ready for physical destruction

Deleting is not the same as destroying. On almost every data carrier, data physically remains after you delete a file or reset a device. Anyone who simply puts an old drive, phone or tape out with the waste is giving away recoverable customer, personnel and payment data. These are the seven data carriers you never just throw away, with, per carrier, why deletion fails and how to do it safely.

The quick answer. Deleting only removes the reference, the data is still there. Overwriting does not work reliably on memory that moves cells around, and a reset far from always touches everything. For sensitive data the only certainty is physical destruction of the carrier itself, with a certificate as proof. Below are the seven carriers where this most often goes wrong.

1. Hard drives (HDD)

Dragging a file to the bin and emptying it removes only the reference in the index. The content stays on the magnetic platters until new data overwrites it, and with standard recovery software it can be retrieved. Even formatting often leaves readable remnants behind. An old drive from a PC or server holds years of email, administration and customer data. If you want to be sure nothing comes back, you have the drive physically destroyed into particles, not merely wiped. The difference between the two is in wiping versus destroying a hard drive.

2. SSDs

With an SSD, overwriting is precisely what does not work reliably. Through wear-levelling the controller spreads writes across all memory cells to even out wear, so your wipe command touches cells other than where the old data sits. Spare cells the user never sees stay out of reach. Software that would suffice on an HDD leaves remnants on an SSD that are readable with forensic means. That is why physical destruction to particle level is the norm here. Why erasure structurally falls short on SSDs is set out in destroying SSDs and why overwriting fails.

3. USB sticks and memory cards

USB sticks, SD cards and microSD cards use the same flash memory as an SSD, with the same limitation. A quick format or deleting files leaves the data largely in place, and it is exactly these small carriers that end up everywhere, in drawers, bags and old cameras. They often hold backups, photos, scans of identity documents or exports from your administration. Throwing them away or reselling them without destruction is a data breach in the making. Collect single carriers and have them physically destroyed. How to go about it is in disposing of USB sticks and memory cards.

4. Backup tapes (LTO)

LTO tapes may seem outdated, but they still sit in countless server rooms and archive cabinets. A tape often holds a complete backup of your systems, so a full copy of customer files, email and administration on a single cartridge. Overwriting or a software erase gives no guarantee that every trace is gone, and a tape that lies in a cabinet for years is a live data breach. Do not keep them longer than needed and have expired tapes physically destroyed rather than stored or thrown away. See clearing backup tapes and LTO.

5. Smartphones and tablets

A factory reset feels final, but it is not always. Modern devices lean on encryption, and a reset is only truly safe once the encryption key is reliably destroyed and the memory fully cleared. Older or cheaper devices do not always do that completely, and accounts, photos, chats and business email can partly come back. For devices with sensitive or business data, physical destruction is the only hard guarantee. When a reset suffices and when it does not is in destroying corporate smartphones and tablets.

6. CDs, DVDs and Blu-rays

Optical discs get forgotten because they feel old, but a burned CD or DVD with a customer file or backup is still readable. Snapping or scratching does not help enough, because large readable surfaces remain and can be reconstructed with patience. A disc does not belong loose in the general waste, certainly not with personal data on it. For optical carriers there is a dedicated destruction level, where the disc is reduced to fine particles. Why scratching falls short and which level fits is in destroying CDs, DVDs and Blu-rays.

7. The hard drive in printers and multifunction devices

The most forgotten data carrier sits in the middle of the office. Almost every business multifunction device holds an internal hard drive or SSD that stores scans, prints, copies and faxes, temporarily or permanently. At lease end the device goes back to the leasing company, often without anyone thinking of that drive. So a drive full of confidential documents leaves your premises unnoticed. Before return, have the drive wiped or removed and physically destroyed. The lease-end trap is in multifunction printers and the forgotten hard drive at lease end.

How to do it right in 5 steps

  1. Inventory every carrier, from HDD and SSD to tapes, phones, discs and printers.
  2. Do not rely on wiping or resetting for sensitive data, choose physical destruction.
  3. Collect the carriers sealed and keep the chain closed until destruction.
  4. Choose the right level under DIN 66399 and NIST for the type of carrier.
  5. Request a certificate and record the destruction in your record of processing.

Data carriers to be destroyed with a certificate?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN and NIST level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Destroy physically and with a certificate

The common thread across all seven is the same. Deleting removes a reference, but the data physically stays on the carrier until the material itself is made unusable. Physical destruction follows fixed standards. DIN 66399 has separate levels for magnetic, electronic and optical carriers, and the American NIST guideline describes when wiping, degaussing or destroying is appropriate. Which method wins per carrier, from magnetic field to shredder, is in degaussing versus shredding versus crushing. Afterwards you get a certificate with the date, quantity and level, your proof towards the regulator.

Frequently asked questions

Is deleting data the same as destroying it?

No. Deleting removes a reference or overwrites a part, but on many data carriers the data physically remains and can be recovered with the right software. Destroying means the carrier itself is made physically unusable, so nothing can be reconstructed.

Why is a factory reset not enough for an SSD or phone?

An SSD and a phone move data across memory cells through wear-levelling, so a reset does not touch every cell. Without working encryption and a destroyed key, remnants can stay behind. When in doubt, physical destruction is the only certainty.

Is there really a hard drive in a printer or multifunction device?

Yes. Most business multifunction devices have an internal hard drive or SSD that keeps scans, prints and faxes. At lease end the device often goes back without that drive being wiped or destroyed, with a data breach as the risk.

Do I get a certificate when data carriers are destroyed?

Yes. After destruction you receive a certificate of destruction with the date, quantity and level. That is your proof towards the GDPR and belongs in your record of processing, just as with paper.

Conclusion

These seven carriers share a common denominator. They hold on to data long after you think you have wiped it. A hard drive, an SSD, a USB stick, a tape, a phone, a disc or the drive in your printer holds recoverable personal data until the material is physically destroyed. Inventory your carriers, do not blindly trust wiping or resetting, choose the right level and always request a certificate. Then an old data carrier is no longer a data breach but a settled risk.

Read also: 5 myths about data erasure and 7 mistakes when destroying business documents.


Have data carriers collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.