Media

Hard drive wiping versus destruction: what does NIST 800-88 prescribe?

19 December 2025 · 8 min read · DeSnipperaar

A cabinet full of old hard drives is, for most IT departments, a long-running dilemma. Disposing without thought is risky: a drive still readable can cause a data breach and a GDPR fine. But destroying every drive blindly also feels wasteful, especially if they are still usable for reuse. The American standard NIST SP 800-88 Revision 1 (issued 2014, still authoritative) offers the structure: Clear, Purge, Destroy. Three options, three certainties, three cost levels.

This article explains what those three terms mean, when you choose which, and which categories of data force you down to Destroy.

The three NIST categories

Clear: logical wiping via the interface

Clear uses the standard read and write commands of the device to overwrite all data. For an HDD a single overwrite with zeros or random patterns often suffices. Tools: DBAN (historic), ATA Secure Erase, Blancco, built-in OS functions such as cipher on Windows. Clear protects against simple recovery software, but not against laboratory attacks on magnetic residues.

Purge: wiping or destruction at the physical level

Purge goes deeper and removes data so that laboratory techniques can no longer find anything. For modern HDDs, ATA Secure Erase works as a Purge method because it overwrites the entire physical media. For older or special drives, Purge often means degaussing (magnetic demagnetisation with a strong field).

Destroy: physical destruction

Destroy is the irreversible physical damaging of the drive. Methods: shredding, disintegrating, melting, pulverising. NIST 800-88 gives as guidance that particles must be small enough that data recovery is technically impossible. For HDD that comes down to DIN 66399 H-4 (particles < 2000 mm²) or higher.

Degaussing works excellently on HDD but is useless on SSDs. Magnetic fields have no effect on flash memory.

Which category fits which data?

NIST 800-88 links the choice to the ‘security categorization’ from FIPS 199. Translated to Dutch GDPR practice:

Low risk (public marketing data, log files without personal data): Clear is sufficient.
Medium risk (regular personal data, business-confidential data): Purge or Destroy.
High risk (special categories GDPR art. 9, financial data under the Wwft, medical files): Destroy, no exceptions.

For an SME IT department that means in practice: all workstation drives go to Destroy, unless you are sure there has never been any sensitive data on them. And you rarely have that certainty, because users inevitably copy something locally to their laptop.

Wiping: why it often does not work

There are three classic reasons why a wipe attempt fails:

Faulty drive: if the controller no longer works, you cannot send a wipe command. Yet a specialist with a fresh circuit board can still read out the platters.
HPA and DCO: Host Protected Area and Device Configuration Overlay contain data that standard wipe tools skip. Only a full ATA Secure Erase or low-level wipe removes them.
Old drives with limited command sets: ATA drives from before 2001 do not support a full Secure Erase. Degaussing or destruction is then the only option.

With SSDs, wiping is even trickier due to wear-levelling and spare cells. See also our article on destroying SSDs: why overwriting does not work.

The cost side

What costs what?

Software wiping (Clear or Purge via ATA Secure Erase): about 5 to 15 euros per drive at a professional service, including logging. Time per drive: 1 to 8 hours depending on capacity.
Degaussing: 2 to 5 euros per drive in volume.
Shredding: 3 to 8 euros per drive in volume, including pickup and certificate at a mobile service.

Shredding is often the cheapest option per drive once you have more than 20 drives at once, because the lead time is short. Wiping takes hours per drive and so incurs labour cost.

Working through HDD stock? Mobile shredder pulls up.

Your drives do not leave your car park intact. We destroy on site to DIN 66399 H-4 or H-5, with a certificate per serial number. Also suitable for batches from 10 units.

Request a quote

Certification and logging

Whatever you choose, make sure the evidence is in order. NIST 800-88 explicitly prescribes that every action is logged with:

Manufacturer, model, serial number
Media type (HDD, SSD, Tape)
Method (Clear, Purge, Destroy and which technique)
Tool and version
Date, operator, location
Result (pass/fail)

For Destroy this is accompanied by a photo or film of the destruction, plus a destruction certificate. Read our article on the Certificate of Destruction for a complete field list.

Reuse versus destruction: when to refurbish?

For healthy HDDs with high capacity, reuse is sometimes attractive. But the GDPR risks are real. Our rule of thumb:

Newly purchased drives in use for a short time: Purge via ATA Secure Erase and test, then redeployment is acceptable.
Drives from end-user laptops and workstations: Destroy. The chance of remaining personal data is too high.
Drives from servers with medical or financial data: always Destroy.
Drives of unknown origin or with a fault: Destroy, do not wipe.

What does the AP say about HDD reuse?

The Dutch Data Protection Authority has shown in several enforcement actions that reuse of data media demands extreme care. A municipality was challenged in 2021 for selling written-off laptops with readable data, a textbook example of a data breach due to poor destruction. A hospital received a warning for old MRI drives. The lesson: when in doubt, destroy, do not redeploy.

HDD stock that has to go? Call us or request a quote via desnipperaar.nl. Mobile shredder, certificate per serial number, no fuel surcharge.