Avoid Data Theft: Clean Your Old Hard Drives

If your organization is upgrading its computers to newer, more powerful models, you're likely planning to recycle your old machines or donate them to a refurbisher, a local school, or another nonprofit. And while donating computers allows your organization to give back to its community, you can never be completely certain where — or with whom — your old machines will end up.

This is a problem because sensitive data — including passwords, credit card details, and social security numbers — might still be lurking on your computers' hard drives. Should one of your old computers fall into the wrong hands, unscrupulous individuals armed with your personal information could ring up fraudulent charges on your nonprofit's tab or even steal a staff member's identity.

Fortunately, you can take solid measures to protect your organization against data theft by cleaning the hard drives of each and every computer you plan to donate or recycle.

Data-Eradication Methods

Just because you've deleted a document and emptied your computer's Recycle Bin doesn't mean that the file is gone forever. Whenever you erase a file using  Windows' built-in Delete key, your computer doesn't immediately eradicate the data. Instead, it simply removes the shortcut to the document, essentially making it invisible to the operating system and freeing up disk space.

But since deleted files technically still exist on the Windows computer's hard drive, tech-savvy thieves can still recover them using a specialized piece of software — such as Active @ Undelete Data Recovery — and exploit your nonprofit's private data. For this reason, it is highly advisable you use a more secure method when cleaning hard drives prior to donation or recycling.

If you're giving your computers directly to another organization that you know and trust, you might be able to get away with simply reformatting the drives. Though reformatting a hard drive will destroy its data structure and make it difficult to resurrect information, there's still a chance that a dishonest individual could locate confidential data remnants by using recovery software or by sending the drive to an expert recovery firm.

On the other hand, if those old machines are headed to a recycling or a refurbishing operation, you'll want to take a more secure approach by using disk-wiping software. Disk-wiping programs, which come in both free and commercial varieties, generally work by overwriting all data on the drive, making it extremely difficult for someone to recover its contents. Many of these applications will overwrite the disk multiple times for additional security and peace of mind.

We'll show you how to prep your hard drives and which steps to take before you wipe out data using a disk-wiping application as well has how to reformat your hard drives in the event you're turning them over to a trusted third party.

Before You Clean the Hard Drives

1. Back up all important data. For all intents and purposes, both reformatting and securely wiping a hard drive will purge it of all files and applications. While you may be able to get crucial documents back by consulting a recovery specialist, this service won't come cheap. To avoid making a costly mistake, be sure that you have backed up all documents and programs you want to keep on another computer, an external hard drive, or removable media such as floppy disks, DVDs, or CDs. (For a detailed look at archiving information, read TechSoup's article Backing Up Your Data.)
2. Check to see if the refurbisher will cleanse the drive for you. Although you'll likely want to clean the hard drives yourself if your organization is donating computers directly to another nonprofit or sending them to a recycling organization, some authorized refurbishers will do the dirty work for you. For example, any business designated as a Microsoft Authorized Refurbisher (MAR) is required to clear all data from a hard drive before it reinstalls the operating system and other software. Before you send your computers to a refurbisher, find out if they wipe hard drives and what methods they use; it you're not satisfied with their cleaning processes, you may want to do it yourself to provide an extra layer of protection.
3. Allow plenty of time for the data-destruction process. If you've promised a local charity that you'll be delivering 20 computers on Friday morning, don't put off starting the disk-cleaning process until Thursday afternoon. Depending on the number of computers and the size of the hard drives in question, it could take you anywhere from several days to several weeks to get everything spic-and-span — especially if you've configured the wiping software to overwrite the drive multiple times.

Perform a Full Reformat

Again, choosing to clean off your hard drive by reformatting it is safe only when you're handing off computers directly to organizations or individuals you know and trust completely. If you decide to reformat rather than overwrite the drive with wiping software, it's smart to perform a full (or unconditional) reformat rather than a quick reformat, the former being a more thorough method of erasing all data on the disk.

When donating Windows machines directly to another party, you may also want to reinstall the operating system after you wipe all of your organization's data from the hard drive. In TechSoup's article Ten Tips for Donating a Computer, Jim Lynch, Computer Recycling and Reuse Development Director of CompuMentor's MAR Program, explains that Microsoft operating systems are "only valid when used with the machine on which it was originally installed." Therefore, the organization receiving your donated computers will save quite a bit of money if you also give them the operating systems.

Lynch goes on to note that if you are donating Windows computers with a preinstalled OS, you should make sure to give the recipient the Microsoft Certificate of Authenticity, as well as all manuals and the CD media.

Newer versions of Windows, such as XP and 2000, let you both reformat your hard drive and reinstall the operating system by rebooting your computer with the original setup disc in the CD-ROM drive; note that you may need to adjust your computer's Basic Input Output System (BIOS) in order to configure the machine to boot from the CD drive. In any case, you should eventually see an option for performing a full reformat somewhere in the setup disc's interface.

If your nonprofit has been running an older version of Windows, you may need to create a boot floppy disk or CD in order to reformat and reinstall your operating system. For detailed instructions on how to create boot disks and how to reformat different versions of Windows, consult Cyberwalker.com's Reformat and Reinstall FAQ.

Assuming that your recipient wants to load their own operating systems on the donated machines, you can wipe out all data on the hard drive simply by entering commands in the MS-DOS interface. In most versions of Windows, you can bring up the command prompt by going to Start Menu>Run, typing "command", and hitting OK.

Once the DOS command-prompt box pops up, you can choose to perform an irreversible, unconditional format by typing "format (drive letter): /u" and confirming that you do indeed want to erase all of the hard drive's data. If you need more details on how the format command works, in DOS type in "format /?", which will bring up a list of information, though most of it is quite technical and may confuse those without a lot of under-the-hood PC-configuration experience.

Of course, reformatting isn't a sure-fire way to completely wipe data from your hard drive. Another, more secure option is to use disk-wiping software. Read part two of this series, Obliterate Hard-Drive Data with Disk-Wiping Software, for a comparison of several popular disk-wiping software titles.